==========================================================================
Ubuntu Security Notice USN-6362-1
September 12, 2023

dotnet6, dotnet7 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

.NET could be made to crash if it received a specially crafted request.

Software Description:
- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   aspnetcore-runtime-6.0           6.0.122-0ubuntu1~23.04.1
   aspnetcore-runtime-7.0           7.0.111-0ubuntu1~23.04.1
   dotnet-host 6.0.122-0ubuntu1~23.04.1
   dotnet-host-7.0                        7.0.111-0ubuntu1~23.04.1
   dotnet-hostfxr-6.0                    6.0.122-0ubuntu1~23.04.1
   dotnet-hostfxr-7.0                    7.0.111-0ubuntu1~23.04.1
   dotnet-runtime-6.0                   6.0.122-0ubuntu1~23.04.1
   dotnet-runtime-7.0                   7.0.111-0ubuntu1~23.04.1
   dotnet-sdk-6.0                          6.0.122-0ubuntu1~23.04.1
   dotnet-sdk-7.0                          7.0.111-0ubuntu1~23.04.1
   dotnet6 6.0.122-0ubuntu1~23.04.1
   dotnet7 7.0.111-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:
   aspnetcore-runtime-6.0          6.0.122-0ubuntu1~22.04.1
   aspnetcore-runtime-7.0          7.0.111-0ubuntu1~22.04.1
   dotnet-host                             6.0.122-0ubuntu1~22.04.1
   dotnet-host-7.0                       7.0.111-0ubuntu1~22.04.1
   dotnet-hostfxr-6.0                   6.0.122-0ubuntu1~22.04.1
   dotnet-hostfxr-7.0                   7.0.111-0ubuntu1~22.04.1
   dotnet-runtime-6.0                  6.0.122-0ubuntu1~22.04.1
   dotnet-runtime-7.0                  7.0.111-0ubuntu1~22.04.1
   dotnet-sdk-6.0                        6.0.122-0ubuntu1~22.04.1
   dotnet-sdk-7.0                        7.0.111-0ubuntu1~22.04.1
   dotnet6 6.0.122-0ubuntu1~22.04.1
   dotnet7 7.0.111-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6362-1
   CVE-2023-36799

Package Information:
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~23.04.1
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~23.04.1
https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~22.04.1
https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~22.04.1

Ubuntu 6362-1: .NET vulnerability

September 12, 2023
.NET could be made to crash if it received a specially crafted request.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: .NET could be made to crash if it received a specially crafted request. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04:   aspnetcore-runtime-6.0           6.0.122-0ubuntu1~23.04.1   aspnetcore-runtime-7.0           7.0.111-0ubuntu1~23.04.1   dotnet-host 6.0.122-0ubuntu1~23.04.1   dotnet-host-7.0                        7.0.111-0ubuntu1~23.04.1   dotnet-hostfxr-6.0                    6.0.122-0ubuntu1~23.04.1   dotnet-hostfxr-7.0                    7.0.111-0ubuntu1~23.04.1   dotnet-runtime-6.0                   6.0.122-0ubuntu1~23.04.1   dotnet-runtime-7.0                   7.0.111-0ubuntu1~23.04.1   dotnet-sdk-6.0                          6.0.122-0ubuntu1~23.04.1   dotnet-sdk-7.0                          7.0.111-0ubuntu1~23.04.1   dotnet6 6.0.122-0ubuntu1~23.04.1   dotnet7 7.0.111-0ubuntu1~23.04.1 Ubuntu 22.04 LTS:   aspnetcore-runtime-6.0          6.0.122-0ubuntu1~22.04.1   aspnetcore-runtime-7.0          7.0.111-0ubuntu1~22.04.1   dotnet-host                             6.0.122-0ubuntu1~22.04.1   dotnet-host-7.0                       7.0.111-0ubuntu1~22.04.1   dotnet-hostfxr-6.0                   6.0.122-0ubuntu1~22.04.1   dotnet-hostfxr-7.0                   7.0.111-0ubuntu1~22.04.1   dotnet-runtime-6.0                  6.0.122-0ubuntu1~22.04.1   dotnet-runtime-7.0                  7.0.111-0ubuntu1~22.04.1   dotnet-sdk-6.0                        6.0.122-0ubuntu1~22.04.1   dotnet-sdk-7.0                        7.0.111-0ubuntu1~22.04.1   dotnet6 6.0.122-0ubuntu1~22.04.1   dotnet7 7.0.111-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6362-1

  CVE-2023-36799

Severity
Ubuntu Security Notice USN-6362-1

Package Information

https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.122-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.111-0ubuntu1~22.04.1

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo