(RHSA-2019:0040) Moderate: .NET Core on Red Hat Enterprise Linux security update

2019-01-0908:33:36

access.redhat.com

0.019 Low

EPSS

Percentile

88.5%

JSON

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now
available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

.NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
.NET Core: ANCM WebSocket DOS (CVE-2019-0548)
.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References
section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-dotnet22< 2.2-2.el7rh-dotnet22-2.2-2.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-debuginfo< 2.2.102-1.el7rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-runtime< 2.2-2.el7rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-host< 2.2.1-1.el7rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-runtime-2.1< 2.1.7-1.el7rh-dotnet21-dotnet-runtime-2.1-2.1.7-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-sdk-2.1.5xx< 2.1.503-1.el7rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.503-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-host-fxr-2.2< 2.2.1-1.el7rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21< 2.1-6.el7rh-dotnet21-2.1-6.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-sdk-2.1< 2.1.503-1.el7rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-sdk-2.2< 2.2.102-1.el7rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-dotnet22	< 2.2-2.el7	rh-dotnet22-2.2-2.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-debuginfo	< 2.2.102-1.el7	rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-runtime	< 2.2-2.el7	rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-host	< 2.2.1-1.el7	rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-runtime-2.1	< 2.1.7-1.el7	rh-dotnet21-dotnet-runtime-2.1-2.1.7-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-sdk-2.1.5xx	< 2.1.503-1.el7	rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.503-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-host-fxr-2.2	< 2.2.1-1.el7	rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21	< 2.1-6.el7	rh-dotnet21-2.1-6.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-sdk-2.1	< 2.1.503-1.el7	rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-sdk-2.2	< 2.2.102-1.el7	rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm