Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.10 USN-6438-1 Critical: .NET Denial Of Service Issues

ubuntu
Calendar Grey October 19, 2023
Dist Ubuntu Esm H88
Securing .NET on Ubuntu 23.10 requires updating dotnet6 and dotnet7. Follow steps to check versions, update packages, and ensure security compliance.
Several security issues were fixed in dotnet6, dotnet7.

Summary

Several security issues were fixed in dotnet6, dotnet7.

Software Description:

- dotnet6: dotNET CLI tools and runtime

- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain

X.509 certificates. An attacker could possibly use this issue to

cause a denial of service. (CVE-2023-36799)

It was discovered that the .NET Kestrel web server did not properly

handle HTTP/2 requests. A remote attacker could possibly use this

issue to cause a denial of service. (CVE-2023-44487)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
    aspnetcore-runtime-6.0    6.0.123-0ubuntu1
    aspnetcore-runtime-7.0    7.0.112-0ubuntu1
    dotnet-host                       6.0.123-0ubuntu1
    dotnet-host-7.0                 7.0.112-0ubuntu1
    dotnet-hostfxr-6.0             6.0.123-0ubuntu1
    dotnet-hostfxr-7.0             7.0.112-0ubuntu1
    dotnet-runtime-6.0           6.0.123-0ubuntu1
    dotnet-runtime-7.0           7.0.112-0ubuntu1
    dotnet-sdk-6.0                  6.0.123-0ubuntu1
    dotnet-sdk-7.0                  7.0.112-0ubuntu1
    dotnet6                             6.0.123-0ubuntu1
    dotnet7                             7.0.112-0ubuntu1

In general, a standard system update will make all the necessary changes.

References

   https://ubuntu.com/security/notices/USN-6438-1

   CVE-2023-36799, CVE-2023-44487

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6438-1

Package Information

   https://launchpad.net/ubuntu/+source/dotnet6/6.0.123-0ubuntu1
   https://launchpad.net/ubuntu/+source/dotnet7/7.0.112-0ubuntu1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here