Several security issues were fixed in dotnet6, dotnet8.

==========================================================================
Ubuntu Security Notice USN-7058-1
October 08, 2024

dotnet6, dotnet8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in dotnet6, dotnet8.

Software Description:

- dotnet8: .NET CLI tools and runtime
- dotnet6: .NET CLI tools and runtime

Details:

Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-38229)

It was discovered that .NET components designed to process malicious input were susceptible to hash flooding attacks. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43483)

It was discovered that the .NET System.IO.Packaging namespace did not properly process SortedList data structures. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43484)

It was discovered that .NET did not properly handle the deserialization of certain JSON properties. An attacker could possibly use this issue to cause a denial of service, resulting in a crash. (CVE-2024-43485)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  aspnetcore-runtime-8.0 8.0.10-0ubuntu1~24.04.1
  dotnet-host-8.0 8.0.10-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0 8.0.10-0ubuntu1~24.04.1
  dotnet-runtime-8.0 8.0.10-0ubuntu1~24.04.1
  dotnet-sdk-8.0 8.0.110-0ubuntu1~24.04.1
  dotnet8 8.0.110-8.0.10-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-6.0 6.0.135-0ubuntu1~22.04.1
  aspnetcore-runtime-8.0 8.0.10-0ubuntu1~22.04.1
  dotnet-host 6.0.135-0ubuntu1~22.04.1
  dotnet-host-8.0 8.0.10-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.135-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0 8.0.10-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.135-0ubuntu1~22.04.1
  dotnet-runtime-8.0 8.0.10-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.135-0ubuntu1~22.04.1
  dotnet-sdk-8.0 8.0.110-0ubuntu1~22.04.1
  dotnet6 6.0.135-0ubuntu1~22.04.1
  dotnet8 8.0.110-8.0.10-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7058-1
  CVE-2024-38229, CVE-2024-43483, CVE-2024-43484, CVE-2024-43485

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~24.04.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.135-0ubuntu1~22.04.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~22.04.1

The latest releases of dotnet6 and dotnet8 tackle major vulnerabilities impacting Ubuntu versions 22.04 and 24.04. Ensure your systems are secure today!

Severity: Critical
LinuxSecurity.com Team

Several security issues were fixed in dotnet6, dotnet7.

==========================================================================
Ubuntu Security Notice USN-6438-1
October 19, 2023

dotnet6, dotnet7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in dotnet6, dotnet7.

Software Description:

- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799)

It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  aspnetcore-runtime-6.0 6.0.123-0ubuntu1
  aspnetcore-runtime-7.0 7.0.112-0ubuntu1
  dotnet-host 6.0.123-0ubuntu1
  dotnet-host-7.0 7.0.112-0ubuntu1
  dotnet-hostfxr-6.0 6.0.123-0ubuntu1
  dotnet-hostfxr-7.0 7.0.112-0ubuntu1
  dotnet-runtime-6.0 6.0.123-0ubuntu1
  dotnet-runtime-7.0 7.0.112-0ubuntu1
  dotnet-sdk-6.0 6.0.123-0ubuntu1
  dotnet-sdk-7.0 7.0.112-0ubuntu1
  dotnet6 6.0.123-0ubuntu1
  dotnet7 7.0.112-0ubuntu1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6438-1
  CVE-2023-36799, CVE-2023-44487

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.123-0ubuntu1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.112-0ubuntu1

Securing .NET on Ubuntu 23.10 requires updating dotnet6 and dotnet7. Follow steps to check versions, update packages, and ensure security compliance.

Severity: Critical
LinuxSecurity.com Team

This is the July 2023 update for .NET 6. It updates the SDK to 6.0.120 and Runtime to 6.0.20. https://github.com/dotnet/announcements/issues/262

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-feda45bc39
2023-07-22 01:21:09.480791
--------------------------------------------------------------------------------

Name        : dotnet6.0
Product     : Fedora 38
Version     : 6.0.120
Release     : 1.fc38
URL         : https://github.com/dotnet/
Summary     : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web applications and micro-services.

.NET contains a runtime conforming to .NET Standards, a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the July 2023 update for .NET 6. It updates the SDK to 6.0.120 and Runtime to 6.0.20. https://github.com/dotnet/announcements/issues/262
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 11 2023 Omair Majid - 6.0.120-1
- Update to .NET SDK 6.0.120 and Runtime 6.0.20
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager PasswordSignInAsync method
        https://bugzilla.redhat.com/show_bug.cgi?id=2221854
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-feda45bc39' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Several security issues were fixed in .NET.

=========================================================================
Ubuntu Security Notice USN-6161-1
June 13, 2023

dotnet6, dotnet7 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:

- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime

Details:

It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936)

Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331)

Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337)

Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the contents of a tar file. An attacker could possibly use this issue to elevate their privileges. This issue only affected the dotnet7 package. (CVE-2023-32032)

It was discovered that .NET did not properly handle memory in certain circumstances. An attacker could possibly use this issue to cause a denial of service or perform remote code execution. (CVE-2023-33128)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  aspnetcore-runtime-6.0 6.0.118-0ubuntu1~23.04.1
  aspnetcore-runtime-7.0 7.0.107-0ubuntu1~23.04.1
  dotnet-host 6.0.118-0ubuntu1~23.04.1
  dotnet-host-7.0 7.0.107-0ubuntu1~23.04.1
  dotnet-hostfxr-6.0 6.0.118-0ubuntu1~23.04.1
  dotnet-hostfxr-7.0 7.0.107-0ubuntu1~23.04.1
  dotnet-runtime-6.0 6.0.118-0ubuntu1~23.04.1
  dotnet-runtime-7.0 7.0.107-0ubuntu1~23.04.1
  dotnet-sdk-6.0 6.0.118-0ubuntu1~23.04.1
  dotnet-sdk-7.0 7.0.107-0ubuntu1~23.04.1
  dotnet6 6.0.118-0ubuntu1~23.04.1
  dotnet7 7.0.107-0ubuntu1~23.04.1

Ubuntu 22.10:
  aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.10.1
  aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.10.1
  dotnet-host 6.0.118-0ubuntu1~22.10.1
  dotnet-host-7.0 7.0.107-0ubuntu1~22.10.1
  dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.10.1
  dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.10.1
  dotnet-runtime-6.0 6.0.118-0ubuntu1~22.10.1
  dotnet-runtime-7.0 7.0.107-0ubuntu1~22.10.1
  dotnet-sdk-6.0 6.0.118-0ubuntu1~22.10.1
  dotnet-sdk-7.0 7.0.107-0ubuntu1~22.10.1
  dotnet6 6.0.118-0ubuntu1~22.10.1
  dotnet7 7.0.107-0ubuntu1~22.10.1

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.04.1
  aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.04.1
  dotnet-host 6.0.118-0ubuntu1~22.04.1
  dotnet-host-7.0 7.0.107-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.04.1
  dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.118-0ubuntu1~22.04.1
  dotnet-runtime-7.0 7.0.107-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.118-0ubuntu1~22.04.1
  dotnet-sdk-7.0 7.0.107-0ubuntu1~22.04.1
  dotnet6 6.0.118-0ubuntu1~22.04.1
  dotnet7 7.0.107-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6161-1
  CVE-2023-24936, CVE-2023-29331, CVE-2023-29337, CVE-2023-32032, CVE-2023-33128

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~23.04.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~23.04.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~22.10.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~22.10.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~22.04.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~22.04.1

Updates to resolve multiple .NET vulnerabilities on Ubuntu 23.04, 22.10, and 22.04 LTS are now available, tackling unauthorized access and DoS threats.

Severity: Critical
LinuxSecurity.com Team

dotnet6 could be made to crash if it received specially crafted network traffic.

=========================================================================
Ubuntu Security Notice USN-5798-1
January 10, 2023

dotnet6 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

dotnet6 could be made to crash if it received specially crafted network traffic.

Software Description:

- dotnet6: dotNET CLI tools and runtime

Details:

Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  aspnetcore-runtime-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-host 6.0.113-0ubuntu1~22.10.1
  dotnet-hostfxr-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-runtime-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet-sdk-6.0 6.0.113-0ubuntu1~22.10.1
  dotnet6 6.0.113-0ubuntu1~22.10.1

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-host 6.0.113-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.113-0ubuntu1~22.04.1
  dotnet6 6.0.113-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5798-1
  CVE-2023-21538

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.113-0ubuntu1~22.10.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.113-0ubuntu1~22.04.1

Mitigating dotnet6 failure potential in Ubuntu via critical patches, guaranteeing stability against deliberately manipulated network packets.

Severity: Critical
LinuxSecurity.com Team

.NET 6 could be made to execute arbitrary code.

=========================================================================
Ubuntu Security Notice USN-5670-1
October 11, 2022

dotnet6 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

.NET 6 could be made to execute arbitrary code.

Software Description:

- dotnet6: dotNET CLI tools and runtime

Details:

Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.110-0ubuntu1~22.04.1
  dotnet-host 6.0.110-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.110-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.110-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.110-0ubuntu1~22.04.1
  dotnet6 6.0.110-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5670-1
  CVE-2022-41032

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.110-0ubuntu1~22.04.1

Worried about security flaws in .NET 6? Upgrade Ubuntu to mitigate risks of arbitrary code execution. Discover how!

Severity: Critical
LinuxSecurity.com Team

.NET 6 could be made to crash if it parsed a specially crafted file.

=========================================================================
Ubuntu Security Notice USN-5609-1
September 13, 2022

dotnet6 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

.NET 6 could be made to crash if it parsed a specially crafted file.

Software Description:

- dotnet6: dotNET CLI tools and runtime

Details:

Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.109-0ubuntu1~22.04.1
  dotnet-host 6.0.109-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.109-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.109-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.109-0ubuntu1~22.04.1
  dotnet6 6.0.109-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes. A restart may be required after the update if any affected files are being used.

References:
  https://ubuntu.com/security/notices/USN-5609-1
  CVE-2022-38013

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.109-0ubuntu1~22.04.1

Enhance your Ubuntu installation to address the .NET 6 failure highlighted in USN-5609-1. Discover further details regarding the resolution.

Severity: Critical
LinuxSecurity.com Team

This is the June 2022 monthly release for .NET 6. This updates .NET SDK to 6.0.106 and Runtime to 6.0.6. It includes at least one known security fix. Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.6/6.0.6.md

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-48ab445ac5
2022-06-26 01:18:35.111856
--------------------------------------------------------------------------------

Name        : dotnet6.0
Product     : Fedora 35
Version     : 6.0.106
Release     : 1.fc35
URL         : https://github.com/dotnet/
Summary     : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web applications and micro-services.

.NET contains a runtime conforming to .NET Standards, a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything.

--------------------------------------------------------------------------------
Update Information:

This is the June 2022 monthly release for .NET 6. This updates .NET SDK to 6.0.106 and Runtime to 6.0.6. It includes at least one known security fix. Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.6/6.0.6.md
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 15 2022 Omair Majid - 6.0.106-1
- Update to .NET SDK 6.0.106 and Runtime 6.0.6
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-48ab445ac5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
