ArchLinux: 202105-22: dotnet-runtime-3.1: privilege escalation
Summary
An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux or macOS. The issue is fixed in .NET 5.0, Runtime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15 and SDK 3.1.115.
Resolution
Upgrade to 3.1.15.sdk115-1.
# pacman -Syu "dotnet-runtime-3.1>=3.1.15.sdk115-1"
The problem has been fixed upstream in version 3.1.15.sdk115.
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204 https://github.com/dotnet/announcements/issues/185 https://security.archlinux.org/CVE-2021-31204
Workaround
None.