Red Hat Product Errata RHSA-2019:0040 - Security Advisory
Issued:
2019-01-09
Updated:
2019-01-09

RHSA-2019:0040 - Security Advisory

Synopsis

Moderate: .NET Core on Red Hat Enterprise Linux security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now
available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

  • .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
  • .NET Core: ANCM WebSocket DOS (CVE-2019-0548)
  • .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References
section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure
  • BZ - 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)
  • BZ - 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet21-2.1-6.el7.src.rpm SHA-256: 7444c14111587bebc7c5d0b1306f610f1736c59f924f2d8558c422e21e8c1812
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm SHA-256: bf519dedb5a877648a0c0a66bbef30823f84494ccccb3bddc4298375f9a3779e
rh-dotnet22-2.2-2.el7.src.rpm SHA-256: 3d93e678861104ab96e903a0743397dc9315b4487e8f5145c5df24138fc0585f
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm SHA-256: 71e9bab091b2da87d84c5d0e19cb5b5a75059cbeb17b0e2e770f0f501978438a
x86_64
rh-dotnet21-2.1-6.el7.x86_64.rpm SHA-256: 132d763cb857d864c7b59589847930e2c2d7a73c76c4b1013fb865b6afee8ddc
rh-dotnet21-dotnet-2.1.503-1.el7.x86_64.rpm SHA-256: d9f95ff6c3ca9008686bd39838d693f18baef6405fdb356aa8c35450c6fe78be
rh-dotnet21-dotnet-debuginfo-2.1.503-1.el7.x86_64.rpm SHA-256: dd71fe2de11d17a2e5d6f5f502b603ee3057430929d2d39265f99a70f9ea7216
rh-dotnet21-dotnet-host-2.1.7-1.el7.x86_64.rpm SHA-256: 91216af19ae4e6841d19e768c3f021d3f40b2790010c5a12be14d4b56712923a
rh-dotnet21-dotnet-runtime-2.1-2.1.7-1.el7.x86_64.rpm SHA-256: 2d02847726bd01b1c3213369c864a39d081e0f2905e75509409cf7989524a444
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm SHA-256: 23c534a704d056c484e57199059916b45019e3a525fe05ce82b5144bb3e96139
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.503-1.el7.x86_64.rpm SHA-256: 896b875d0f86f9390b15958e9ab93d697363adc443ef285ce3eb122858ac92ac
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm SHA-256: f6bebbb5bd491848756a2b4a593d10c71e2d0ecadefc6c9863372b547cce7139
rh-dotnet22-2.2-2.el7.x86_64.rpm SHA-256: 3efd4a748ed691b3ceaa82e8f11691bc3395e832137d792a41106db8ba3cb721
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm SHA-256: 568b6083af6f44781ad5461f63d7570a0e808a040185ae9b6e98ea4cce76e1e3
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm SHA-256: 0c16eeef6247e10403046bd1dccca23f146abaece5b7b0dd4404ff211f6153fc
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm SHA-256: 932b652a09dc1d357073d3718e7c21d4b1a2faab78cfe4b801ffe6fbc1b7337f
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: ad53d15ba40b2ed96c309626dbc69318792ac0c0e43fb1e040b9231461aa69bd
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: 0fb119e147b39ae7bdb7b3414c2da342ccb2e81c3f42e0057e0be12652b5def9
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm SHA-256: e43ea4009f216708a86fd01ceeb040484182613b894aee37fd0a369314f44892
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm SHA-256: a93006dfb94f17886561d07794ca8fb64ec90e5453353c407fa24268a6146bfc
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm SHA-256: 8ada447cbab57ed49b101fdaba7fc3fb5325aa31aa10e053866020e9d3ad9730

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet21-2.1-6.el7.src.rpm SHA-256: 7444c14111587bebc7c5d0b1306f610f1736c59f924f2d8558c422e21e8c1812
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm SHA-256: bf519dedb5a877648a0c0a66bbef30823f84494ccccb3bddc4298375f9a3779e
rh-dotnet22-2.2-2.el7.src.rpm SHA-256: 3d93e678861104ab96e903a0743397dc9315b4487e8f5145c5df24138fc0585f
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm SHA-256: 71e9bab091b2da87d84c5d0e19cb5b5a75059cbeb17b0e2e770f0f501978438a
x86_64
rh-dotnet21-2.1-6.el7.x86_64.rpm SHA-256: 132d763cb857d864c7b59589847930e2c2d7a73c76c4b1013fb865b6afee8ddc
rh-dotnet21-dotnet-2.1.503-1.el7.x86_64.rpm SHA-256: d9f95ff6c3ca9008686bd39838d693f18baef6405fdb356aa8c35450c6fe78be
rh-dotnet21-dotnet-debuginfo-2.1.503-1.el7.x86_64.rpm SHA-256: dd71fe2de11d17a2e5d6f5f502b603ee3057430929d2d39265f99a70f9ea7216
rh-dotnet21-dotnet-host-2.1.7-1.el7.x86_64.rpm SHA-256: 91216af19ae4e6841d19e768c3f021d3f40b2790010c5a12be14d4b56712923a
rh-dotnet21-dotnet-runtime-2.1-2.1.7-1.el7.x86_64.rpm SHA-256: 2d02847726bd01b1c3213369c864a39d081e0f2905e75509409cf7989524a444
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm SHA-256: 23c534a704d056c484e57199059916b45019e3a525fe05ce82b5144bb3e96139
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.503-1.el7.x86_64.rpm SHA-256: 896b875d0f86f9390b15958e9ab93d697363adc443ef285ce3eb122858ac92ac
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm SHA-256: f6bebbb5bd491848756a2b4a593d10c71e2d0ecadefc6c9863372b547cce7139
rh-dotnet22-2.2-2.el7.x86_64.rpm SHA-256: 3efd4a748ed691b3ceaa82e8f11691bc3395e832137d792a41106db8ba3cb721
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm SHA-256: 568b6083af6f44781ad5461f63d7570a0e808a040185ae9b6e98ea4cce76e1e3
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm SHA-256: 0c16eeef6247e10403046bd1dccca23f146abaece5b7b0dd4404ff211f6153fc
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm SHA-256: 932b652a09dc1d357073d3718e7c21d4b1a2faab78cfe4b801ffe6fbc1b7337f
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: ad53d15ba40b2ed96c309626dbc69318792ac0c0e43fb1e040b9231461aa69bd
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: 0fb119e147b39ae7bdb7b3414c2da342ccb2e81c3f42e0057e0be12652b5def9
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm SHA-256: e43ea4009f216708a86fd01ceeb040484182613b894aee37fd0a369314f44892
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm SHA-256: a93006dfb94f17886561d07794ca8fb64ec90e5453353c407fa24268a6146bfc
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm SHA-256: 8ada447cbab57ed49b101fdaba7fc3fb5325aa31aa10e053866020e9d3ad9730

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet21-2.1-6.el7.src.rpm SHA-256: 7444c14111587bebc7c5d0b1306f610f1736c59f924f2d8558c422e21e8c1812
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm SHA-256: bf519dedb5a877648a0c0a66bbef30823f84494ccccb3bddc4298375f9a3779e
rh-dotnet22-2.2-2.el7.src.rpm SHA-256: 3d93e678861104ab96e903a0743397dc9315b4487e8f5145c5df24138fc0585f
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm SHA-256: 71e9bab091b2da87d84c5d0e19cb5b5a75059cbeb17b0e2e770f0f501978438a
x86_64
rh-dotnet21-2.1-6.el7.x86_64.rpm SHA-256: 132d763cb857d864c7b59589847930e2c2d7a73c76c4b1013fb865b6afee8ddc
rh-dotnet21-dotnet-2.1.503-1.el7.x86_64.rpm SHA-256: d9f95ff6c3ca9008686bd39838d693f18baef6405fdb356aa8c35450c6fe78be
rh-dotnet21-dotnet-debuginfo-2.1.503-1.el7.x86_64.rpm SHA-256: dd71fe2de11d17a2e5d6f5f502b603ee3057430929d2d39265f99a70f9ea7216
rh-dotnet21-dotnet-host-2.1.7-1.el7.x86_64.rpm SHA-256: 91216af19ae4e6841d19e768c3f021d3f40b2790010c5a12be14d4b56712923a
rh-dotnet21-dotnet-runtime-2.1-2.1.7-1.el7.x86_64.rpm SHA-256: 2d02847726bd01b1c3213369c864a39d081e0f2905e75509409cf7989524a444
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm SHA-256: 23c534a704d056c484e57199059916b45019e3a525fe05ce82b5144bb3e96139
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.503-1.el7.x86_64.rpm SHA-256: 896b875d0f86f9390b15958e9ab93d697363adc443ef285ce3eb122858ac92ac
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm SHA-256: f6bebbb5bd491848756a2b4a593d10c71e2d0ecadefc6c9863372b547cce7139
rh-dotnet22-2.2-2.el7.x86_64.rpm SHA-256: 3efd4a748ed691b3ceaa82e8f11691bc3395e832137d792a41106db8ba3cb721
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm SHA-256: 568b6083af6f44781ad5461f63d7570a0e808a040185ae9b6e98ea4cce76e1e3
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm SHA-256: 0c16eeef6247e10403046bd1dccca23f146abaece5b7b0dd4404ff211f6153fc
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm SHA-256: 932b652a09dc1d357073d3718e7c21d4b1a2faab78cfe4b801ffe6fbc1b7337f
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: ad53d15ba40b2ed96c309626dbc69318792ac0c0e43fb1e040b9231461aa69bd
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm SHA-256: 0fb119e147b39ae7bdb7b3414c2da342ccb2e81c3f42e0057e0be12652b5def9
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm SHA-256: e43ea4009f216708a86fd01ceeb040484182613b894aee37fd0a369314f44892
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm SHA-256: a93006dfb94f17886561d07794ca8fb64ec90e5453353c407fa24268a6146bfc
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm SHA-256: 8ada447cbab57ed49b101fdaba7fc3fb5325aa31aa10e053866020e9d3ad9730

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.