Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2017:3248 - Security Advisory
Issued:
2017-11-20
Updated:
2017-11-20

RHSA-2017:3248 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: .NET Core security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update for .NET Core on RHEL is now available.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3.

Security Fix(es):

  • By providing an invalid culture, an attacker can cause a recursive lookup that leads to a denial of service when running on certain Windows platforms. (CVE-2017-8585)
  • Supplying a specially crafted certificate can cause an infinite X509Chain, resulting in a denial of service. (CVE-2017-11770)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture
  • BZ - 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate

CVEs

  • CVE-2017-8585
  • CVE-2017-11770

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://github.com/dotnet/announcements/issues/34
  • https://github.com/dotnet/announcements/issues/44
  • https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md
  • https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md
  • https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md
Note: More recent versions of these packages may be available. Click a package name for more details.

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter