Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorydenial of servicecriticalUbuntu 23.10, 22.04 LTS USN-6693-1 Critical: .NET DoS Threat
.NET could be made to crash if it processed specially crafted requests.. ========================================================================== Ubuntu Security Notice USN-6693-1 March 12, 2024 dotnet7, dotnet8 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS Summary: .NET could be made to crash if it processed specially crafted requests. Software Description: - dotnet7: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime Details: It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: aspnetcore-runtime-7.0 7.0.117-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.3-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.117-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.3-0ubuntu1~23.10.1 dotnet7 7.0.117-0ubuntu1~23.10.1 dotnet8 8.0.103-8.0.3-0ubuntu1~23.10.1 Ubuntu 22.04 LTS: aspnetcore-runtime-7.0 7.0.117-0ubuntu1~22.04.1 aspnetcore-runtime-8.0 8.0.3-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.117-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.3-0ubuntu1~22.04.1 dotnet7 7.0.117-0ubuntu1~22.04.1 dotnet8 8.0.103-8.0.3-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: CVE-2024-21392 PackageInformation: https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~22.04.1 . Critical notice for Ubuntu users regarding .NET vulnerability leading to denial of service from maliciously designed requests. Immediate update required!. Ubuntu Security Patch, Dotnet Vulnerability, .NET Update. . Severity: Critical. LinuxSecurity.com Team
Mar 12, 2024
•Critical
Ubuntu
172
security advisorydenial of servicecriticalUbuntu 23.10 USN-6438-1 Critical: .NET Denial Of Service Issues
Several security issues were fixed in dotnet6, dotnet7.. ========================================================================== Ubuntu Security Notice USN-6438-1 October 19, 2023 dotnet6, dotnet7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 Summary: Several security issues were fixed in dotnet6, dotnet7. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799) It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.123-0ubuntu1 aspnetcore-runtime-7.0 7.0.112-0ubuntu1 dotnet-host 6.0.123-0ubuntu1 dotnet-host-7.0 7.0.112-0ubuntu1 dotnet-hostfxr-6.0 6.0.123-0ubuntu1 dotnet-hostfxr-7.0 7.0.112-0ubuntu1 dotnet-runtime-6.0 6.0.123-0ubuntu1 dotnet-runtime-7.0 7.0.112-0ubuntu1 dotnet-sdk-6.0 6.0.123-0ubuntu1 dotnet-sdk-7.0 7.0.112-0ubuntu1 dotnet6 6.0.123-0ubuntu1 dotnet7 7.0.112-0ubuntu1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6438-1 CVE-2023-36799, CVE-2023-44487 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.123-0ubuntu1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.112-0ubuntu1 . Securing .NET on Ubuntu 23.10 requires updating dotnet6 and dotnet7. Follow steps to check versions, update packages, and ensure security compliance.. dotnet Security Updates, Ubuntu 23.10, .NET CLI Tools. . Severity: Critical. LinuxSecurity.com Team
Oct 19, 2023
•Critical
Ubuntu
172
security advisorycriticalprivilege escalationUbuntu 23.04 LTS USN-6161-1 Critical: dotnet6, dotnet7 DoS Threats
Several security issues were fixed in .NET.. =========================================================================Ubuntu Security Notice USN-6161-1 June 13, 2023 dotnet6, dotnet7 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in .NET. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936) Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331) Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337) Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the contents of a tar file. An attacker could possibly use this issue to elevate their privileges. This issue only affected the dotnet7 package. (CVE-2023-32032) It was discovered that .NET did not properly handle memory in certain circumstances. An attacker could possibly use this issue to cause a denial of service or perform remote code execution. (CVE-2023-33128) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-host 6.0.118-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~23.04.1 dotnet6 6.0.118-0ubuntu1~23.04.1 dotnet7 7.0.107-0ubuntu1~23.04.1 Ubuntu 22.10: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.10.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-host 6.0.118-0ubuntu1~22.10.1 dotnet-host-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~22.10.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~22.10.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~22.10.1 dotnet6 6.0.118-0ubuntu1~22.10.1 dotnet7 7.0.107-0ubuntu1~22.10.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.118-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-host 6.0.118-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.107-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.118-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.107-0ubuntu1~22.04.1 dotnet6 6.0.118-0ubuntu1~22.04.1 dotnet7 7.0.107-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6161-1 CVE-2023-24936, CVE-2023-29331, CVE-2023-29337, CVE-2023-32032, CVE-2023-33128 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~22.04.1 . Updates to resolve multiple .NET vulnerabilities on Ubuntu 23.04, 22.10, and 22.04 LTS are now available, tackling unauthorized access and DoS threats. dotnet Issues, Ubuntu Security Notice, Software Update, Privilege Escalation, DoS Attack. . Severity: Critical. LinuxSecurity.com Team
Jun 13, 2023
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!