Rocky Linux: RLSA-2024:1311 .NET 8.0 security update
Summary
An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
aspnetcore-runtime-8.0-0:8.0.3-1.el8_9.aarch64.rpm
aspnetcore-runtime-8.0-0:8.0.3-1.el8_9.x86_64.rpm
aspnetcore-targeting-pack-8.0-0:8.0.3-1.el8_9.aarch64.rpm
aspnetcore-targeting-pack-8.0-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-0:8.0.103-1.el8_9.aarch64.rpm
dotnet-0:8.0.103-1.el8_9.x86_64.rpm
dotnet8.0-0:8.0.103-1.el8_9.src.rpm
dotnet8.0-debuginfo-0:8.0.103-1.el8_9.aarch64.rpm
dotnet8.0-debuginfo-0:8.0.103-1.el8_9.x86_64.rpm
dotnet8.0-debugsource-0:8.0.103-1.el8_9.aarch64.rpm
dotnet8.0-debugsource-0:8.0.103-1.el8_9.x86_64.rpm
dotnet-apphost-pack-8.0-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-apphost-pack-8.0-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-apphost-pack-8.0-debuginfo-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-apphost-pack-8.0-debuginfo-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-host-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-host-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-host-debuginfo-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-host-debuginfo-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-hostfxr-8.0-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-hostfxr-8.0-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-hostfxr-8.0-debuginfo-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-hostfxr-8.0-debuginfo-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-runtime-8.0-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-runtime-8.0-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-runtime-8.0-debuginfo-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-runtime-8.0-debuginfo-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-sdk-8.0-0:8.0.103-1.el8_9.aarch64.rpm
dotnet-sdk-8.0-0:8.0.103-1.el8_9.x86_64.rpm
dotnet-sdk-8.0-debuginfo-0:8.0.103-1.el8_9.aarch64.rpm
dotnet-sdk-8.0-debuginfo-0:8.0.103-1.el8_9.x86_64.rpm
dotnet-sdk-8.0-source-built-artifacts-0:8.0.103-1.el8_9.aarch64.rpm
dotnet-sdk-8.0-source-built-artifacts-0:8.0.103-1.el8_9.x86_64.rpm
dotnet-targeting-pack-8.0-0:8.0.3-1.el8_9.aarch64.rpm
dotnet-targeting-pack-8.0-0:8.0.3-1.el8_9.x86_64.rpm
dotnet-templates-8.0-0:8.0.103-1.el8_9.aarch64.rpm
dotnet-templates-8.0-0:8.0.103-1.el8_9.x86_64.rpm
netstandard-targeting-pack-2.1-0:8.0.103-1.el8_9.aarch64.rpm
netstandard-targeting-pack-2.1-0:8.0.103-1.el8_9.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21392
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2268266