Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

Fedora 37: FEDORA-2023-25112489ab Critical: .NET 7.0 RCE Threat

fedora
Calendar Grey August 20, 2023
Dist Fedora Esm H88
In August 2023, the Fedora team released a crucial update for .NET 7.0, addressing major vulnerabilities and enhancing security and performance for users
This is the August 2023 update for .NET 6 and .NET 7

Summary

.NET is a fast, lightweight and modular platform for creating

cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web

applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of

framework libraries, an SDK containing compilers and a 'dotnet'

application to drive everything.

Update Information:

This is the August 2023 update for .NET 6 and .NET 7. Release Notes: - 7.0 SDK: - notes/7.0/7.0.10/7.0.110.md - 7.0 Runtime: -notes/7.0/7.0.10/7.0.10.md - 6.0 SDK: - notes/6.0/6.0.21/6.0.121.md - 6.0 Runtime: -notes/6.0/6.0.21/6.0.21.md

Topics%20covered

Topics Covered

security advisory update critical Fedora dotnet RCE

Change Log

* Tue Aug 8 2023 Omair Majid - 7.0.110-1 - Update to .NET SDK 7.0.110 and Runtime 7.0.10 * Wed Jul 19 2023 Fedora Release Engineering - 7.0.109-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2230088 - CVE-2023-35390 dotnet7.0: dotnet: RCE under dotnet commands [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2230088 [ 2 ] Bug #2230089 - CVE-2023-35390 dotnet6.0: dotnet: RCE under dotnet commands [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2230089 [ 3 ] Bug #2230090 - CVE-2023-38180 dotnet6.0: dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2230090 [ 4 ] Bug #2230091 - CVE-2023-38180 dotnet7.0: dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2230091

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-25112489ab' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dotnet7.0
Product: Fedora 37
Version: 7.0.110
Release: 1.fc37
URL: https://github.com/dotnet/
Summary: .NET Runtime and SDK

Topics%20covered

Topics Covered

security advisory update critical Fedora dotnet RCE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here