ArchLinux: 202105-22: dotnet-runtime-3.1: privilege escalation

Advisories

Arch Linux Security Advisory ASA-202105-22
==========================================

Severity: Medium
Date    : 2021-05-25
CVE-ID  : CVE-2021-31204
Package : dotnet-runtime-3.1
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1945

Summary
=======

The package dotnet-runtime-3.1 before version 3.1.15.sdk115-1 is
vulnerable to privilege escalation.

Resolution
==========

Upgrade to 3.1.15.sdk115-1.

# pacman -Syu "dotnet-runtime-3.1>=3.1.15.sdk115-1"

The problem has been fixed upstream in version 3.1.15.sdk115.

Workaround
==========

None.

Description
===========

An elevation of privilege vulnerability exists in .NET 5.0 and .NET
Core 3.1 when a user runs a single file application on operating
systems based on Linux or macOS. The issue is fixed in .NET 5.0,
Runtime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15
and SDK 3.1.115.

Impact
======

An attacker could elevate privileges from a crafted single file
application.

References
==========

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204
https://github.com/dotnet/announcements/issues/185
https://security.archlinux.org/CVE-2021-31204

ArchLinux: 202105-22: dotnet-runtime-3.1: privilege escalation

May 26, 2021
The package dotnet-runtime-3.1 before version 3.1.15.sdk115-1 is vulnerable to privilege escalation

Summary

An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux or macOS. The issue is fixed in .NET 5.0, Runtime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15 and SDK 3.1.115.

Resolution

Upgrade to 3.1.15.sdk115-1.
# pacman -Syu "dotnet-runtime-3.1>=3.1.15.sdk115-1"
The problem has been fixed upstream in version 3.1.15.sdk115.

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204 https://github.com/dotnet/announcements/issues/185 https://security.archlinux.org/CVE-2021-31204

Severity
CVE-ID : CVE-2021-31204
Package : dotnet-runtime-3.1
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-1945

Impact

An attacker could elevate privileges from a crafted single file application.

Workaround

None.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.