Red Hat Product Errata RHSA-2017:3248 - Security Advisory

Issued:: 2017-11-20
Updated:: 2017-11-20

RHSA-2017:3248 - Security Advisory

Overview
Updated Packages

Synopsis

Low: .NET Core security update

Type/Severity

Security Advisory: Low

Topic

A security update for .NET Core on RHEL is now available.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3.

Security Fix(es):

By providing an invalid culture, an attacker can cause a recursive lookup that leads to a denial of service when running on certain Windows platforms. (CVE-2017-8585)
Supplying a specially crafted certificate can cause an infinite X509Chain, resulting in a denial of service. (CVE-2017-11770)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

dotNET on RHEL (for RHEL Server) 1 x86_64
dotNET on RHEL (for RHEL Workstation) 1 x86_64
dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

BZ - 1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture
BZ - 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate

CVEs

References

https://access.redhat.com/security/updates/classification/#low

https://github.com/dotnet/announcements/issues/34

https://github.com/dotnet/announcements/issues/44

https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md

https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md

https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md

Note: More recent versions of these packages may be available. Click a package name for more details.

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm	SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm	SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm	SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm	SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm	SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm	SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm	SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm	SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm	SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm	SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm	SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm	SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm	SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm	SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm	SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm	SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm	SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm	SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm	SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm	SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm	SHA-256: 2793394bc691be7a7143f0618365eb92bc424dd007222a53786cdb426a06d61b
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm	SHA-256: c2791eb943e10a2219718a42dd578f4e356d99ac4a169595c4c53fedc0319d08
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm	SHA-256: 1ce2ed1aa7c9b5ab578c3ebff85dbbdfffcd79176256850d1571edc415ad8a41
x86_64
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm	SHA-256: 2ec0564c4ed24696c39d28106711626fb3b664a2fe35311513f9f193e362c5d8
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm	SHA-256: 72a2353da668205dc55b2178d5cb8febc639b1d1130fd9e67677d0ebfcf0c248
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm	SHA-256: a737265af6f2b9cb78c3e864d58cd9b480840a87848616297a0879203451b77b
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 842be5b949fe9b58dab365eaf4f6046ffc474d83b7a955a7677e5ad7f8b7ecee
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm	SHA-256: 90d5db8aac3f851908601aa8f536ec0152832e6d67d262c687d73b76d6a4f697
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm	SHA-256: 1f44f0ba90aa982e9a962af06ee306eb158767dbb011040908bd9d69e8df773f
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm	SHA-256: a5ed100a21d5b3993fe5765ad4751533d239e544db709169759f2c3b5082daa1
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm	SHA-256: 210643184b28585a685e01520bff2015e07a57dd7e14889e38d790243f57e39b
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm	SHA-256: 60f0d7b6db0dc9b97ffbe7d7704265d54c3e3825b3c09a99b1eb8aa092540799

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories