Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rockyRockylinux Product ErrataRLSA-2022:0827
HistoryMar 10, 2022 - 2:44 p.m.

.NET Core 3.1 security and bugfix update

2022-03-1014:44:29
Rockylinux Product Errata
errata.rockylinux.org
20
.net core
security update
bugfix
rocky linux 8
cve-2022-24464
cve-2022-24512
cve-2020-8927
cvss score
unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

83.5%

JSON

An update is available for dotnet3.1.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.

Security Fix(es):

  • dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)

  • dotnet: double parser stack buffer overrun (CVE-2022-24512)

  • brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8x86_64aspnetcore-runtime-3.1< 3.1.23-1.el8_5aspnetcore-runtime-3.1-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64aspnetcore-targeting-pack-3.1< 3.1.23-1.el8_5aspnetcore-targeting-pack-3.1-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet3.1-debuginfo< 3.1.417-1.el8_5dotnet3.1-debuginfo-0:3.1.417-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-apphost-pack-3.1< 3.1.23-1.el8_5dotnet-apphost-pack-3.1-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-apphost-pack-3.1-debuginfo< 3.1.23-1.el8_5dotnet-apphost-pack-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-hostfxr-3.1< 3.1.23-1.el8_5dotnet-hostfxr-3.1-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-hostfxr-3.1-debuginfo< 3.1.23-1.el8_5dotnet-hostfxr-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-runtime-3.1< 3.1.23-1.el8_5dotnet-runtime-3.1-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-runtime-3.1-debuginfo< 3.1.23-1.el8_5dotnet-runtime-3.1-debuginfo-0:3.1.23-1.el8_5.x86_64.rpm
rocky8x86_64dotnet-sdk-3.1< 3.1.417-1.el8_5dotnet-sdk-3.1-0:3.1.417-1.el8_5.x86_64.rpm
Rows per page:
1-10 of 141

Related

redhat 10
almalinux 4
osv 29
fedora 12
rocky 6
altlinux 7
openvas 26
nessus 48
oraclelinux 4
kaspersky 1
ibm 2
mscve 3
cvelist 3
nvd 3
cve 3
redhatcve 3
veracode 3
prion 3
github 3
rustsec 2
archlinux 2
suse 2
cbl_mariner 3
debian 2
mageia 1
debiancve 1
alpinelinux 1
ubuntu 1
gitlab 1
ubuntucve 1
photon 2
hivepro 2
malwarebytes 1
thn 1
krebs 1
threatpost 1
rapid7blog 1
redhat
redhat
(RHSA-2022:0827) Important: .NET Core 3.1 security and bugfix update
2022-03-10 14:44:29
(RHSA-2022:0830) Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
(RHSA-2022:0829) Important: .NET Core 3.1 on RHEL 7 security and bugfix update
2022-03-10 14:46:13
almalinux
almalinux
Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
Important: .NET Core 3.1 security and bugfix update
2022-03-10 14:44:29
Important: .NET 6.0 security and bugfix update
2022-03-10 14:43:46
osv
osv
Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
Important: .NET 5.0 security and bugfix update
2022-03-10 14:46:56
Important: .NET Core 3.1 security and bugfix update
2022-03-10 14:44:29
fedora
fedora
[SECURITY] Fedora 35 Update: dotnet3.1-3.1.417-1.fc35
2022-03-27 01:18:11
[SECURITY] Fedora 36 Update: dotnet3.1-3.1.417-1.fc36
2022-03-26 15:56:33
[SECURITY] Fedora 34 Update: dotnet3.1-3.1.417-1.fc34
2022-03-27 01:40:58
rocky
rocky
.NET 5.0 security and bugfix update
2022-03-10 14:46:56
.NET 5.0 security and bugfix update
2022-03-11 02:19:05
.NET 6.0 security and bugfix update
2022-03-11 02:21:15
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.23-alt1
2022-04-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 5.0.15-alt1
2022-04-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.23-alt1
2022-04-02 00:00:00
openvas
openvas
Fedora: Security Advisory for dotnet3.1 (FEDORA-2022-d28042f559)
2022-03-28 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2022-5ecee47acb)
2022-03-28 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2022-9e046f579a)
2022-03-27 00:00:00
nessus
nessus
RHEL 8 : .NET Core 3.1 (RHSA-2022:0827)
2022-03-11 00:00:00
RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2022:0828)
2022-03-11 00:00:00
Security Updates for Microsoft Visual Studio Products (March 2022)
2022-03-08 00:00:00
oraclelinux
oraclelinux
.NET 5.0 security and bugfix update
2022-03-11 00:00:00
.NET Core 3.1 security and bugfix update
2022-03-11 00:00:00
.NET 6.0 security and bugfix update
2022-03-11 00:00:00
kaspersky
kaspersky
KLA12474 Multiple vulnerabilities in Microsoft Developer Tools
2022-03-08 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-08-20 18:29:33
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access
2022-01-07 00:24:27
mscve
mscve
.NET and Visual Studio Denial of Service Vulnerability
2022-03-08 08:00:00
Brotli Library Buffer Overflow Vulnerability
2022-03-08 08:00:00
.NET and Visual Studio Remote Code Execution Vulnerability
2022-03-08 08:00:00
cvelist
cvelist
CVE-2022-24464 .NET and Visual Studio Denial of Service Vulnerability
2022-03-09 17:07:46
CVE-2020-8927 Buffer overflow in Brotli library
2020-09-15 09:15:12
CVE-2022-24512 .NET and Visual Studio Remote Code Execution Vulnerability
2022-03-09 17:08:15
nvd
nvd
CVE-2022-24464
2022-03-09 17:15:14
CVE-2020-8927
2020-09-15 10:15:12
CVE-2022-24512
2022-03-09 17:15:15
cve
cve
CVE-2022-24464
2022-03-09 17:15:14
CVE-2020-8927
2020-09-15 10:15:12
CVE-2022-24512
2022-03-09 17:15:15
redhatcve
redhatcve
CVE-2022-24464
2022-03-08 18:17:25
CVE-2020-8927
2020-09-15 18:00:05
CVE-2022-24512
2022-03-08 18:41:27
veracode
veracode
Denial Of Service (DoS)
2022-03-22 00:35:14
Denial Of Service (DoS)
2020-09-29 03:53:18
Remote Code Execution (RCE)
2022-03-22 00:35:17
prion
prion
Denial of service
2022-03-09 17:15:00
Remote code execution
2022-03-09 17:15:00
Buffer overflow
2020-09-15 10:15:00
github
github
.NET Denial of Service Vulnerability
2022-10-21 20:32:34
Integer overflow in the bundled Brotli C library
2022-05-24 17:28:21
.NET Remote Code Execution Vulnerability
2022-10-18 21:46:08
rustsec
rustsec
Integer overflow in the bundled Brotli C library
2021-12-20 12:00:00
Integer overflow in the bundled Brotli C library
2021-12-20 12:00:00
archlinux
archlinux
[ASA-202009-13] brotli: denial of service
2020-09-26 00:00:00
[ASA-202009-12] lib32-brotli: denial of service
2020-09-26 00:00:00
suse
suse
Security update for brotli (moderate)
2020-09-30 00:00:00
Security update for brotli (moderate)
2021-12-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-8927 affecting package powershell 7.2.1-1
2022-04-07 06:04:11
CVE-2020-8927 affecting package brotli for versions less than 1.0.7-10
2022-04-09 06:51:43
CVE-2020-8927 affecting package brotli 1.0.7-9
2020-11-30 19:30:57
debian
debian
[SECURITY] [DLA 2476-1] brotli security update
2020-12-01 22:58:17
[SECURITY] [DSA 4801-1] brotli security update
2020-12-01 21:49:43
mageia
mageia
Updated brotli packages fix security vulnerability
2020-10-16 18:44:59
debiancve
debiancve
CVE-2020-8927
2020-09-15 10:15:12
alpinelinux
alpinelinux
CVE-2020-8927
2020-09-15 10:15:12
ubuntu
ubuntu
Brotli vulnerability
2020-10-05 00:00:00
gitlab
gitlab
Buffer Overflow
2020-09-15 00:00:00
ubuntucve
ubuntucve
CVE-2020-8927
2020-09-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0488
2022-11-16 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0279
2022-11-10 00:00:00
hivepro
hivepro
Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update
2022-03-09 14:14:19
Weekly Threat Digest: 7 – 13 March 2022
2022-03-14 16:24:44
malwarebytes
malwarebytes
Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday
2022-03-09 19:51:59
thn
thn
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
2022-03-09 05:44:00
krebs
krebs
Microsoft Patch Tuesday, March 2022 Edition
2022-03-09 16:22:12
threatpost
threatpost
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
2022-03-08 21:42:06
rapid7blog
rapid7blog
Patch Tuesday - March 2022
2022-03-08 21:08:35

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.01

Percentile

83.5%

JSON
Related for RLSA-2022:0827
redhat10almalinux4osv29fedora12rocky6altlinux7openvas26nessus48oraclelinux4kaspersky1ibm2mscve3cvelist3nvd3cve3redhatcve3veracode3prion3github3rustsec2archlinux2suse2cbl_mariner3debian2mageia1debiancve1alpinelinux1ubuntu1gitlab1ubuntucve1photon2hivepro2malwarebytes1thn1krebs1threatpost1rapid7blog1