Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.04 USN-6279-1 High Risk: Java Serialization Flaw and Crash

ubuntu
Calendar Grey August 8, 2023
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6278-1 addresses multiple .NET security vulnerabilities that may result in remote code execution or denial of service (DoS) threats
Several security issues were fixed in .NET.

Summary

Several security issues were fixed in .NET.

Software Description:

- dotnet6: dotNET CLI tools and runtime

- dotnet7: dotNET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle the execution of

certain commands. An attacker could possibly use this issue to

achieve remote code execution. (CVE-2023-35390)

Benoit Foucher discovered that .NET did not properly implement the

QUIC stream limit in HTTP/3. An attacker could possibly use this

issue to cause a denial of service. (CVE-2023-38178)

It was discovered that .NET did not properly handle the disconnection

of potentially malicious clients interfacing with a Kestrel server. An

attacker could possibly use this issue to cause a denial of service.

(CVE-2023-38180)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
    aspnetcore-runtime-6.0          6.0.121-0ubuntu1~23.04.1
    aspnetcore-runtime-7.0          7.0.110-0ubuntu1~23.04.1
    dotnet-host 6.0.121-0ubuntu1~23.04.1
    dotnet-host-7.0                       7.0.110-0ubuntu1~23.04.1
    dotnet-hostfxr-6.0                   6.0.121-0ubuntu1~23.04.1
    dotnet-hostfxr-7.0                   7.0.110-0ubuntu1~23.04.1
    dotnet-runtime-6.0                  6.0.121-0ubuntu1~23.04.1
    dotnet-runtime-7.0                  7.0.110-0ubuntu1~23.04.1
    dotnet-sdk-6.0                        6.0.121-0ubuntu1~23.04.1
    dotnet-sdk-7.0                        7.0.110-0ubuntu1~23.04.1
    dotnet6 6.0.121-0ubuntu1~23.04.1
    dotnet7 7.0.110-0ubuntu1~23.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6278-1

   CVE-2023-35390, CVE-2023-38178, CVE-2023-38180

Ubuntu Security Notice USN-6278-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here