Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 23.10 Moderate: USN-6634-1 Denial Of Service in .NET

ubuntu
Calendar Grey February 13, 2024
Dist Ubuntu Esm H88
Follow these steps to secure .NET applications on Ubuntu 22.04 LTS and 23.10 against security vulnerabilities and denial of service attacks
Several security issues were fixed in .NET.

Summary

Several security issues were fixed in .NET.

Software Description:

- dotnet6: dotNET CLI tools and runtime

- dotnet7: dotNET CLI tools and runtime

- dotnet8: dotNET CLI tools and runtime

Details:

Brennan Conroy discovered that .NET with SignalR did not properly

handle malicious clients. An attacker could possibly use this issue

to cause a denial of service. (CVE-2024-21386)

Bahaa Naamneh discovered that .NET with OpenSSL support did not

properly parse X509 certificates. An attacker could possibly use

this issue to cause a denial of service. (CVE-2024-21404)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~23.10.1
   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~23.10.1
   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~23.10.1
   dotnet-host                     6.0.127-0ubuntu1~23.10.1
   dotnet-host-7.0                 7.0.116-0ubuntu1~23.10.1
   dotnet-host-8.0                 8.0.2-0ubuntu1~23.10.1
   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~23.10.1
   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~23.10.1
   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~23.10.1
   dotnet-runtime-6.0              6.0.127-0ubuntu1~23.10.1
   dotnet-runtime-7.0              7.0.116-0ubuntu1~23.10.1
   dotnet-runtime-8.0              8.0.2-0ubuntu1~23.10.1
   dotnet-sdk-6.0                  6.0.127-0ubuntu1~23.10.1
   dotnet-sdk-7.0                  7.0.116-0ubuntu1~23.10.1
   dotnet-sdk-8.0                  8.0.102-0ubuntu1~23.10.1
   dotnet6                         6.0.127-0ubuntu1~23.10.1
   dotnet7                         7.0.116-0ubuntu1~23.10.1
   dotnet8                         8.0.102-8.0.2-0ubuntu1~23.10.1

Ubuntu 22.04 LTS:
   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~22.04.1
   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~22.04.1
   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~22.04.1
   dotnet-host                     6.0.127-0ubuntu1~22.04.1
   dotnet-host-7.0                 7.0.116-0ubuntu1~22.04.1
   dotnet-host-8.0                 8.0.2-0ubuntu1~22.04.1
   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~22.04.1
   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~22.04.1
   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~22.04.1
   dotnet-runtime-6.0              6.0.127-0ubuntu1~22.04.1
   dotnet-runtime-7.0              7.0.116-0ubuntu1~22.04.1
   dotnet-runtime-8.0              8.0.2-0ubuntu1~22.04.1
   dotnet-sdk-6.0                  6.0.127-0ubuntu1~22.04.1
   dotnet-sdk-7.0                  7.0.116-0ubuntu1~22.04.1
   dotnet-sdk-8.0                  8.0.102-0ubuntu1~22.04.1
   dotnet6                         6.0.127-0ubuntu1~22.04.1
   dotnet7                         7.0.116-0ubuntu1~22.04.1
   dotnet8                         8.0.102-8.0.2-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6634-1

  CVE-2024-21386, CVE-2024-21404

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6634-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here