RedHat: RHSA-2019-1259:01 Important: dotnet security, bug fix,

    Date: 22 May 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: dotnet security, bug fix, and enhancement update
    Advisory ID:       RHSA-2019:1259-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1259
    Issue date:        2019-05-22
    CVE Names:         CVE-2019-0757 CVE-2019-0820 CVE-2019-0980 
                       CVE-2019-0981 
    =====================================================================
    
    1. Summary:
    
    An update for dotnet is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream (v. 8) - x86_64
    
    3. Description:
    
    .NET Core is a managed-software framework. It implements a subset of the
    .NET framework APIs and several new APIs, and it includes a CLR
    implementation.
    
    A new version of .NET Core that addresses security vulnerabilities is now
    available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.
    
    Security Fix(es):
    
    * dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)
    
    * dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)
    
    * dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0980)
    
    * dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of
    Service (CVE-2019-0981)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * dotnet: new SocketException((int)SocketError.InvalidArgument).Message is
    empty (BZ#1712471)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability
    1696836 - Update .NET Core 2.1 to Runtime 2.1.10 and SDK 2.1.506
    1705502 - CVE-2019-0980 dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service
    1705504 - CVE-2019-0981 dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
    1705506 - CVE-2019-0820 dotnet: timeouts for regular expressions are not enforced
    1710068 - Update .NET Core 2.1 to Runtime 2.1.11 and SDK 2.1.507
    1712471 - new SocketException((int)SocketError.InvalidArgument).Message is empty
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream (v. 8):
    
    Source:
    dotnet-2.1.507-2.el8_0.src.rpm
    
    x86_64:
    dotnet-2.1.507-2.el8_0.x86_64.rpm
    dotnet-debuginfo-2.1.507-2.el8_0.x86_64.rpm
    dotnet-debugsource-2.1.507-2.el8_0.x86_64.rpm
    dotnet-host-2.1.11-2.el8_0.x86_64.rpm
    dotnet-host-debuginfo-2.1.11-2.el8_0.x86_64.rpm
    dotnet-host-fxr-2.1-2.1.11-2.el8_0.x86_64.rpm
    dotnet-host-fxr-2.1-debuginfo-2.1.11-2.el8_0.x86_64.rpm
    dotnet-runtime-2.1-2.1.11-2.el8_0.x86_64.rpm
    dotnet-runtime-2.1-debuginfo-2.1.11-2.el8_0.x86_64.rpm
    dotnet-sdk-2.1-2.1.507-2.el8_0.x86_64.rpm
    dotnet-sdk-2.1.5xx-2.1.507-2.el8_0.x86_64.rpm
    dotnet-sdk-2.1.5xx-debuginfo-2.1.507-2.el8_0.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
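
A check of an installed-package inventory against the fixed builds listed in section 6, added here as an example and not part of Red Hat's advisory. The function names `ver_lt` and `check_installed` and the sample inventory are constructed for illustration, and `sort -V` is assumed to be an adequate stand-in for RPM's version ordering on these version strings.

```shell
#!/bin/sh
# Fixed builds from section 6 of the advisory, as "name version-release".
# The debuginfo/debugsource packages are left out of this check.
FIXED='dotnet 2.1.507-2.el8_0
dotnet-host 2.1.11-2.el8_0
dotnet-host-fxr-2.1 2.1.11-2.el8_0
dotnet-runtime-2.1 2.1.11-2.el8_0
dotnet-sdk-2.1 2.1.507-2.el8_0
dotnet-sdk-2.1.5xx 2.1.507-2.el8_0'

# ver_lt A B: succeeds when A orders strictly before B under `sort -V`.
# Assumption: version sort stands in for rpm's own comparison, which is
# adequate for the dotted numeric versions used by these packages.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_installed: reads "name version-release" lines on stdin and prints
# every advisory package that is older than its fixed build.
check_installed() {
    while read -r name vr; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue      # not a package from this advisory
        if ver_lt "$vr" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$vr" "$fixed"
        fi
    done
}

# Constructed sample inventory (not real host data). On a host, feed it from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'dotnet*' | check_installed
SAMPLE='dotnet-host 2.1.8-1.el8
dotnet-runtime-2.1 2.1.11-2.el8_0
dotnet-sdk-2.1.5xx 2.1.504-1.el8
bash 4.4.19-7.el8'

printf '%s\n' "$SAMPLE" | check_installed
```

Any line printed names a package still below the build that carries the fixes for the four CVEs; no output means every listed package found in the inventory is at or above the advisory's version.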
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-0757
    https://access.redhat.com/security/cve/CVE-2019-0820
    https://access.redhat.com/security/cve/CVE-2019-0980
    https://access.redhat.com/security/cve/CVE-2019-0981
    https://access.redhat.com/security/updates/classification/#important
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
    https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.