Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 22.04 LTS: USN-6362-2 Critical: Incomplete .NET Denial of Service

ubuntu
Calendar Grey October 25, 2023
Dist Ubuntu Esm H88
New updates addressing the .Net regression issue on Ubuntu aim to fix vulnerabilities and bolster security against Denial of Service threats for users
An incomplete fix was discovered in .Net.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: An incomplete fix was discovered in .Net. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: USN-6362-1 fixed vulnerabilities in .Net. It was discovered that the fix for [CVE-2023-36799](https://ubuntu.com/security/CVE-2023-36799) was incomplete. This update fixes the problem. Original advisory details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu dotnet incomplete fix

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.124-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.113-0ubuntu1~23.04.1 dotnet-host 6.0.124-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.113-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.124-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.113-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.124-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.113-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.124-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.113-0ubuntu1~23.04.1 dotnet6 6.0.124-0ubuntu1~23.04.1 dotnet7 7.0.113-0ubuntu1~23.04.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.124-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.113-0ubuntu1~22.04.1 dotnet-host 6.0.124-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.113-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.124-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.113-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.124-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.113-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.124-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.113-0ubuntu1~22.04.1 dotnet6 6.0.124-0ubuntu1~22.04.1 dotnet7 7.0.113-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6362-2

https://ubuntu.com/security/notices/USN-6362-1

CVE-2023-36799, https://bugs.launchpad.net/ubuntu/+source/dotnet6/+bug/2040207, https://bugs.launchpad.net/ubuntu/+source/dotnet7/+bug/2040208

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6362-2

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu dotnet incomplete fix

Package Information

https://launchpad.net/ubuntu/+source/dotnet6/6.0.124-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.113-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.124-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.113-0ubuntu1~22.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here