Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 23.10, 22.04 LTS USN-6693-1 Critical: .NET DoS Threat

ubuntu
Calendar Grey March 12, 2024
Dist Ubuntu Esm H88
Critical notice for Ubuntu users regarding .NET vulnerability leading to denial of service from maliciously designed requests. Immediate update required!
.NET could be made to crash if it processed specially crafted requests.

Summary

.NET could be made to crash if it processed specially crafted requests.

Software Description:

- dotnet7: .NET CLI tools and runtime

- dotnet8: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle certain specially

crafted requests. An attacker could potentially use this issue to cause

a resource leak, leading to a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   aspnetcore-runtime-7.0      7.0.117-0ubuntu1~23.10.1
   aspnetcore-runtime-8.0      8.0.3-0ubuntu1~23.10.1
   dotnet-runtime-7.0              7.0.117-0ubuntu1~23.10.1
   dotnet-runtime-8.0              8.0.3-0ubuntu1~23.10.1
   dotnet7                                  7.0.117-0ubuntu1~23.10.1
   dotnet8 8.0.103-8.0.3-0ubuntu1~23.10.1

Ubuntu 22.04 LTS:
   aspnetcore-runtime-7.0      7.0.117-0ubuntu1~22.04.1
   aspnetcore-runtime-8.0      8.0.3-0ubuntu1~22.04.1
   dotnet-runtime-7.0              7.0.117-0ubuntu1~22.04.1
   dotnet-runtime-8.0              8.0.3-0ubuntu1~22.04.1
   dotnet7                                  7.0.117-0ubuntu1~22.04.1
   dotnet8 8.0.103-8.0.3-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

 

  CVE-2024-21392

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6693-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.