Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Rocky Linux 8 RLSA-2023:4643 Important: .NET 7.0 RCE And DoS Fixes

rocky
Calendar Grey October 6, 2023
Rockylinux Esm H88
An essential patch rollout for .NET 7.0 has been issued, targeting significant vulnerabilities related to RCE and DoS assaults on Rocky Linux 8.

Important: .NET 7.0 security, bug fix, and enhancement update

Summary

An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


RPMs

aspnetcore-runtime-7.0-0:7.0.10-1.el8_8.aarch64.rpm

aspnetcore-targeting-pack-7.0-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-0:7.0.110-1.el8_8.aarch64.rpm

dotnet7.0-0:7.0.110-1.el8_8.src.rpm

dotnet7.0-debuginfo-0:7.0.110-1.el8_8.aarch64.rpm

dotnet7.0-debugsource-0:7.0.110-1.el8_8.aarch64.rpm

dotnet-apphost-pack-7.0-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-apphost-pack-7.0-debuginfo-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-host-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-host-debuginfo-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-hostfxr-7.0-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-hostfxr-7.0-debuginfo-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-runtime-7.0-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-runtime-7.0-debuginfo-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-sdk-7.0-0:7.0.110-1.el8_8.aarch64.rpm

dotnet-sdk-7.0-debuginfo-0:7.0.110-1.el8_8.aarch64.rpm

dotnet-sdk-7.0-source-built-artifacts-0:7.0.110-1.el8_8.aarch64.rpm

dotnet-targeting-pack-7.0-0:7.0.10-1.el8_8.aarch64.rpm

dotnet-templates-7.0-0:7.0.110-1.el8_8.aarch64.rpm

Read the Full Advisory

References

No references

CVES

https://www.cve.org/CVERecord?id=CVE-2023-35390

https://www.cve.org/CVERecord?id=CVE-2023-38180

Severity
important

Name: RLSA-2023:4643
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2228621

https://bugzilla.redhat.com/show_bug.cgi?id=2228622


Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here