Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 24.04 LTS USN-6889-1 Warning: Serious .NET Denial of Service Bugs

ubuntu
Calendar Grey July 10, 2024
Dist Ubuntu Esm H88
Important patches now accessible for Ubuntu versions 24.04, 23.10, and 22.04, tackling various vulnerabilities found in .NET frameworks.
Several security issues were fixed in dotnet6, dotnet8.

Summary

Several security issues were fixed in dotnet6, dotnet8.

Software Description:

- dotnet8: .NET CLI tools and runtime

- dotnet6: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle object

deserialization. An attacker could possibly use this issue to cause

a denial of service. (CVE-2024-30105)

Radek Zikmund discovered that .NET did not properly manage memory. An

attacker could use this issue to cause a denial of service or possibly

execute arbitrary code. (CVE-2024-35264)

It was discovered that .NET did not properly parse X.509 Content and

ObjectIdentifiers. An attacker could possibly use this issue to cause

a denial of service. (CVE-2024-38095)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~24.04.1
   dotnet-host-8.0                 8.0.7-0ubuntu1~24.04.1
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~24.04.1
   dotnet-runtime-8.0              8.0.7-0ubuntu1~24.04.1
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~24.04.1
   dotnet8                         8.0.107-8.0.7-0ubuntu1~24.04.1

Ubuntu 23.10
   aspnetcore-runtime-6.0          6.0.132-0ubuntu1~23.10.1
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~23.10.1
   dotnet-host                     6.0.132-0ubuntu1~23.10.1
   dotnet-host-8.0                 8.0.7-0ubuntu1~23.10.1
   dotnet-hostfxr-6.0              6.0.132-0ubuntu1~23.10.1
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~23.10.1
   dotnet-runtime-6.0              6.0.132-0ubuntu1~23.10.1
   dotnet-runtime-8.0              8.0.7-0ubuntu1~23.10.1
   dotnet-sdk-6.0                  6.0.132-0ubuntu1~23.10.1
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~23.10.1
   dotnet6                         6.0.132-0ubuntu1~23.10.1
   dotnet8                         8.0.107-8.0.7-0ubuntu1~23.10.1

Ubuntu 22.04 LTS
   aspnetcore-runtime-6.0          6.0.132-0ubuntu1~22.04.1
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~22.04.1
   dotnet-host                     6.0.132-0ubuntu1~22.04.1
   dotnet-host-8.0                 8.0.7-0ubuntu1~22.04.1
   dotnet-hostfxr-6.0              6.0.132-0ubuntu1~22.04.1
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~22.04.1
   dotnet-runtime-6.0              6.0.132-0ubuntu1~22.04.1
   dotnet-runtime-8.0              8.0.7-0ubuntu1~22.04.1
   dotnet-sdk-6.0                  6.0.132-0ubuntu1~22.04.1
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~22.04.1
   dotnet6                         6.0.132-0ubuntu1~22.04.1
   dotnet8                         8.0.107-8.0.7-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6889-1

  CVE-2024-30105, CVE-2024-35264, CVE-2024-38095

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6889-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here