(RHSA-2023:7259) Moderate: .NET 6.0 security, bug fix, and enhancement update

2023-11-1517:27:08

access.redhat.com

.net framework

security update

bug fix

enhancement

cve-2023-36049

cve-2023-36558

unix

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.125). (BZ#2247677)

Security Fix(es):

dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-dotnet60-dotnet-targeting-pack-6.0< 6.0.25-1.el7_9rh-dotnet60-dotnet-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet-sdk-6.0< 6.0.125-1.el7_9rh-dotnet60-dotnet-sdk-6.0-6.0.125-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet-runtime-6.0< 6.0.25-1.el7_9rh-dotnet60-dotnet-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-aspnetcore-runtime-6.0< 6.0.25-1.el7_9rh-dotnet60-aspnetcore-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet-debuginfo< 6.0.125-1.el7_9rh-dotnet60-dotnet-debuginfo-6.0.125-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet-apphost-pack-6.0< 6.0.25-1.el7_9rh-dotnet60-dotnet-apphost-pack-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts< 6.0.125-1.el7_9rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-dotnet< 6.0.125-1.el7_9rh-dotnet60-dotnet-6.0.125-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-netstandard-targeting-pack-2.1< 6.0.125-1.el7_9rh-dotnet60-netstandard-targeting-pack-2.1-6.0.125-1.el7_9.x86_64.rpm
RedHat7x86_64rh-dotnet60-aspnetcore-targeting-pack-6.0< 6.0.25-1.el7_9rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-dotnet60-dotnet-targeting-pack-6.0	< 6.0.25-1.el7_9	rh-dotnet60-dotnet-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet-sdk-6.0	< 6.0.125-1.el7_9	rh-dotnet60-dotnet-sdk-6.0-6.0.125-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet-runtime-6.0	< 6.0.25-1.el7_9	rh-dotnet60-dotnet-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-aspnetcore-runtime-6.0	< 6.0.25-1.el7_9	rh-dotnet60-aspnetcore-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet-debuginfo	< 6.0.125-1.el7_9	rh-dotnet60-dotnet-debuginfo-6.0.125-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet-apphost-pack-6.0	< 6.0.25-1.el7_9	rh-dotnet60-dotnet-apphost-pack-6.0-6.0.25-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts	< 6.0.125-1.el7_9	rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-dotnet	< 6.0.125-1.el7_9	rh-dotnet60-dotnet-6.0.125-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-netstandard-targeting-pack-2.1	< 6.0.125-1.el7_9	rh-dotnet60-netstandard-targeting-pack-2.1-6.0.125-1.el7_9.x86_64.rpm
RedHat	7	x86_64	rh-dotnet60-aspnetcore-targeting-pack-6.0	< 6.0.25-1.el7_9	rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm