エラータID: AXSA:2023-6205:16

Release date: 
Tuesday, July 4, 2023 - 00:42
Affected Channels: 
Asianux Server 8 for x86_64

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.

The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378)

Security Fix(es):

* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
NuGet Client Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability


Update packages.

Additional Info: 



  1. dotnet6.0-6.0.118-1.el8.ML.1.src.rpm
    MD5: 2cf06ac78141b5e02b4541387b42c80b
    SHA-256: 5b88bb7181124bab1c0eeab2fc9b9f3abc4a9e9a7d4d5c4bd2bc75e99a81f28f
    Size: 509.31 MB

Asianux Server 8 for x86_64
  1. aspnetcore-runtime-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 3e6f2236ece448cda30d67c53460b705
    SHA-256: 4d6c991cff0a583453d0b0af22fb2a9e53adc57932bf6a7e1a954953c9f59713
    Size: 6.92 MB
  2. aspnetcore-targeting-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 70397c758136ae7baa4ec85cb32ecea9
    SHA-256: a9ccc6fca62a0b84f04a1292e5a3d6c2b48436109def559a6cf046e79bfb0e46
    Size: 1.49 MB
  3. dotnet-apphost-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 494861a2724c12700e07dd150751dbcf
    SHA-256: 369a024aee4ef04b984bc5fea756a39b4ac88cac7c4835b398a0dca547a702d6
    Size: 3.95 MB
  4. dotnet-hostfxr-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 705ab791915803e71c87653e86d20ea2
    SHA-256: 39084ee9242c2b1b1dd6f08feb30e76fe16e4edf4ce5a864f2a226a95019f706
    Size: 173.18 kB
  5. dotnet-runtime-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 0269be45aea0d4931e88821992531256
    SHA-256: ab36ecccd8f86be3daac5f204832e87abc4991dc6f8ddb3d567a48cde85be6bf
    Size: 23.41 MB
  6. dotnet-sdk-6.0-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: 0ececda27d928b9490f618056f7ecb38
    SHA-256: dc6d410e931a4c1f55335690800e41ff898946cbfb8de8561ff2211d8b092f4d
    Size: 77.33 MB
  7. dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: 8484eeb0067c3eb2c172697fbb6f60af
    SHA-256: 9a4be88848e097546d650e77acfe3b35059bb98bc3ae1c23eb462c26c3873e3d
    Size: 2.71 GB
  8. dotnet-targeting-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: f149fded74df986207a91549e47cb550
    SHA-256: 8fda68318e0a0cd706188ba07759acbc1c5b5d2d1f8738dfdf0d9ae79596f387
    Size: 2.38 MB
  9. dotnet-templates-6.0-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: f244a1f598259ebddf679853bbdcbda2
    SHA-256: 1104cb3914c98a457b0a5e61095b247ca8c9587f074b55b0299d1123483f6d93
    Size: 2.73 MB