RedHat: RHSA-2019-1236:01 Moderate: .NET Core on Red Hat Enterprise Linux

    Date: 15 May 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update
    Advisory ID:       RHSA-2019:1236-01
    Product:           .NET Core on Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1236
    Issue date:        2019-05-15
    CVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 
    =====================================================================
    
    1. Summary:
    
    Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,
    rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now
    available for .NET Core on Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
    
    3. Description:
    
    .NET Core is a managed-software framework. It implements a subset of the
    .NET framework APIs and several new APIs, and it includes a CLR
    implementation.
    
    New versions of .NET Core that address security vulnerabilities are now
    available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and
    2.2.5.
    
    Security Fix(es):
    
    * dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
    
    * dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0980)
    
    * dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0981)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
    
    * Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
    
    * Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
    
    * Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1654863 - Re-enable bash completion in rh-dotnet22-dotnet
    1678932 - Error rebuilding rh-dotnet22-curl in CentOS
    1703479 - Broken apphost caused by unset DOTNET_ROOT
    1703508 - Update to .NET Core 1.1.13
    1704454 - Update to .NET Core 1.0.16
    1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107
    1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507
    1705259 - Make bash completion compatible with rh-dotnet22 packages
    1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service
    1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
    1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
    
    6. Package List:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet21-2.1-10.el7.src.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-10.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet22-2.2-7.el7.src.rpm
    rh-dotnet22-curl-7.61.1-2.el7.src.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-7.el7.x86_64.rpm
    rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-0820
    https://access.redhat.com/security/cve/CVE-2019-0980
    https://access.redhat.com/security/cve/CVE-2019-0981
    https://access.redhat.com/security/updates/classification/#moderate
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    