Lucene search

AlmaLinuxALSA-2022:2200

HistoryMay 11, 2022 - 1:22 p.m.

Important: .NET 5.0 security, bug fix, and enhancement update

2022-05-1113:22:02

errata.almalinux.org

.net core sdk

.net core runtime

security vulnerability

excess memory allocation

dos

malicious content

high cpu usage

parsing html

denial of service

cve page

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.0%

JSON

.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17.

Security Fix(es):

dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64dotnet-sdk-5.0-source-built-artifacts< 5.0.214-1.el8_6dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-hostfxr-5.0< 5.0.17-1.el8_6dotnet-hostfxr-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-sdk-5.0< 5.0.214-1.el8_6dotnet-sdk-5.0-5.0.214-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-runtime-5.0< 5.0.17-1.el8_6dotnet-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux8x86_64aspnetcore-targeting-pack-5.0< 5.0.17-1.el8_6aspnetcore-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-templates-5.0< 5.0.214-1.el8_6dotnet-templates-5.0-5.0.214-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-apphost-pack-5.0< 5.0.17-1.el8_6dotnet-apphost-pack-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux8x86_64aspnetcore-runtime-5.0< 5.0.17-1.el8_6aspnetcore-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux8x86_64dotnet-targeting-pack-5.0< 5.0.17-1.el8_6dotnet-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	dotnet-sdk-5.0-source-built-artifacts	< 5.0.214-1.el8_6	dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-hostfxr-5.0	< 5.0.17-1.el8_6	dotnet-hostfxr-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-sdk-5.0	< 5.0.214-1.el8_6	dotnet-sdk-5.0-5.0.214-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-runtime-5.0	< 5.0.17-1.el8_6	dotnet-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux	8	x86_64	aspnetcore-targeting-pack-5.0	< 5.0.17-1.el8_6	aspnetcore-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-templates-5.0	< 5.0.214-1.el8_6	dotnet-templates-5.0-5.0.214-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-apphost-pack-5.0	< 5.0.17-1.el8_6	dotnet-apphost-pack-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux	8	x86_64	aspnetcore-runtime-5.0	< 5.0.17-1.el8_6	aspnetcore-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm
almalinux	8	x86_64	dotnet-targeting-pack-5.0	< 5.0.17-1.el8_6	dotnet-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm