==========================================================================
Ubuntu Security Notice USN-6362-1
September 12, 2023

dotnet6, dotnet7 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

.NET could be made to crash if it received a specially crafted request.

Software Description:
- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   aspnetcore-runtime-6.0           6.0.122-0ubuntu1~23.04.1
   aspnetcore-runtime-7.0           7.0.111-0ubuntu1~23.04.1
   dotnet-host 6.0.122-0ubuntu1~23.04.1
   dotnet-host-7.0                        7.0.111-0ubuntu1~23.04.1
   dotnet-hostfxr-6.0                    6.0.122-0ubuntu1~23.04.1
   dotnet-hostfxr-7.0                    7.0.111-0ubuntu1~23.04.1
   dotnet-runtime-6.0                   6.0.122-0ubuntu1~23.04.1
   dotnet-runtime-7.0                   7.0.111-0ubuntu1~23.04.1
   dotnet-sdk-6.0                          6.0.122-0ubuntu1~23.04.1
   dotnet-sdk-7.0                          7.0.111-0ubuntu1~23.04.1
   dotnet6 6.0.122-0ubuntu1~23.04.1
   dotnet7 7.0.111-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:
   aspnetcore-runtime-6.0          6.0.122-0ubuntu1~22.04.1
   aspnetcore-runtime-7.0          7.0.111-0ubuntu1~22.04.1
   dotnet-host                             6.0.122-0ubuntu1~22.04.1
   dotnet-host-7.0                       7.0.111-0ubuntu1~22.04.1
   dotnet-hostfxr-6.0                   6.0.122-0ubuntu1~22.04.1
   dotnet-hostfxr-7.0                   7.0.111-0ubuntu1~22.04.1
   dotnet-runtime-6.0                  6.0.122-0ubuntu1~22.04.1
   dotnet-runtime-7.0                  7.0.111-0ubuntu1~22.04.1
   dotnet-sdk-6.0                        6.0.122-0ubuntu1~22.04.1
   dotnet-sdk-7.0                        7.0.111-0ubuntu1~22.04.1
   dotnet6 6.0.122-0ubuntu1~22.04.1
   dotnet7 7.0.111-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6362-1
   CVE-2023-36799

Package Information:
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~23.04.1
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~23.04.1
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~22.04.1
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~22.04.1

Ubuntu 6362-1: .NET vulnerability

September 12, 2023
.NET could be made to crash if it received a specially crafted request.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: .NET could be made to crash if it received a specially crafted request. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04:   aspnetcore-runtime-6.0           6.0.122-0ubuntu1~23.04.1   aspnetcore-runtime-7.0           7.0.111-0ubuntu1~23.04.1   dotnet-host 6.0.122-0ubuntu1~23.04.1   dotnet-host-7.0                        7.0.111-0ubuntu1~23.04.1   dotnet-hostfxr-6.0                    6.0.122-0ubuntu1~23.04.1   dotnet-hostfxr-7.0                    7.0.111-0ubuntu1~23.04.1   dotnet-runtime-6.0                   6.0.122-0ubuntu1~23.04.1   dotnet-runtime-7.0                   7.0.111-0ubuntu1~23.04.1   dotnet-sdk-6.0                          6.0.122-0ubuntu1~23.04.1   dotnet-sdk-7.0                          7.0.111-0ubuntu1~23.04.1   dotnet6 6.0.122-0ubuntu1~23.04.1   dotnet7 7.0.111-0ubuntu1~23.04.1 Ubuntu 22.04 LTS:   aspnetcore-runtime-6.0          6.0.122-0ubuntu1~22.04.1   aspnetcore-runtime-7.0          7.0.111-0ubuntu1~22.04.1   dotnet-host                             6.0.122-0ubuntu1~22.04.1   dotnet-host-7.0                       7.0.111-0ubuntu1~22.04.1   dotnet-hostfxr-6.0                   6.0.122-0ubuntu1~22.04.1   dotnet-hostfxr-7.0                   7.0.111-0ubuntu1~22.04.1   dotnet-runtime-6.0                  6.0.122-0ubuntu1~22.04.1   dotnet-runtime-7.0                  7.0.111-0ubuntu1~22.04.1   dotnet-sdk-6.0                        6.0.122-0ubuntu1~22.04.1   dotnet-sdk-7.0                        7.0.111-0ubuntu1~22.04.1   dotnet6 6.0.122-0ubuntu1~22.04.1   dotnet7 7.0.111-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6362-1

  CVE-2023-36799

Severity
Ubuntu Security Notice USN-6362-1

Package Information

https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~22.04.1

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved