RedHat: RHSA-2019-1236:01 Moderate: .NET Core on Red Hat Enterprise Linux

    Date: 15 May 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update
    Advisory ID:       RHSA-2019:1236-01
    Product:           .NET Core on Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1236
    Issue date:        2019-05-15
    CVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 
    =====================================================================
    
    1. Summary:
    
    Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,
    rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now
    available for .NET Core on Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
    
    3. Description:
    
    .NET Core is a managed-software framework. It implements a subset of the
    .NET framework APIs and several new APIs, and it includes a CLR
    implementation.
    
    New versions of .NET Core that address security vulnerabilities are now
    available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and
    2.2.5.
    
    Security Fix(es):
    
    * dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
    
    * dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0980)
    
    * dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0981)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
    
    * Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
    
    * Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
    
    * Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1654863 - Re-enable bash completion in rh-dotnet22-dotnet
    1678932 - Error rebuilding rh-dotnet22-curl in CentOS
    1703479 - Broken apphost caused by unset DOTNET_ROOT
    1703508 - Update to .NET Core 1.1.13
    1704454 - Update to .NET Core 1.0.16
    1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107
    1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507
    1705259 - Make bash completion compatible with rh-dotnet22 packages
    1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service
    1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
    1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
    
    6. Package List:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-0820
    https://access.redhat.com/security/cve/CVE-2019-0980
    https://access.redhat.com/security/cve/CVE-2019-0981
    https://access.redhat.com/security/updates/classification/#moderate
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    