- Issued:
- 2019-05-15
- Updated:
- 2019-05-15
RHSA-2019:1236 - Security Advisory
Synopsis
Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5.
Security Fix(es):
- dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
- dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
- dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
- Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
- Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
- Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- dotNET on RHEL (for RHEL Server) 1 x86_64
- dotNET on RHEL (for RHEL Workstation) 1 x86_64
- dotNET on RHEL (for RHEL Compute Node) 1 x86_64
Fixes
- BZ - 1654863 - Re-enable bash completion in rh-dotnet22-dotnet
- BZ - 1678932 - Error rebuilding rh-dotnet22-curl in CentOS
- BZ - 1703479 - Broken apphost caused by unset DOTNET_ROOT
- BZ - 1703508 - Update to .NET Core 1.1.13
- BZ - 1704454 - Update to .NET Core 1.0.16
- BZ - 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107
- BZ - 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507
- BZ - 1705259 - Make bash completion compatible with rh-dotnet22 packages
- BZ - 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service
- BZ - 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
- BZ - 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
CVEs
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
Note:
More recent versions of these packages may be available.
Click a package name for more details.
dotNET on RHEL (for RHEL Server) 1
| SRPM | |
|---|---|
| rh-dotnet21-2.1-10.el7.src.rpm | SHA-256: c3a0bda7b6e45b5daa5840f63ddac9b1a8d295704f828c32c90d3dcecd6e522b |
| rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm | SHA-256: 6b7b36074098e9e13abd5a2f66aa42fa141fa58c8d8d63f38419970871812efa |
| rh-dotnet22-2.2-7.el7.src.rpm | SHA-256: 372ee2d35678b7c3d2b0a16600de954a490558a835e90dda186a2667ca06ccb0 |
| rh-dotnet22-curl-7.61.1-2.el7.src.rpm | SHA-256: 9255366d633987e491affe3b446cb938094f77e0cb9b7eafc3b9e1732c4fb01f |
| rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm | SHA-256: d2c91356b43388e32006ab9d6aec513496ea5be8069dba9ce8fb93d14cb4b21e |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm | SHA-256: d431b61c8cc7b738e99511d23dabaead6deee09f2be82178a9a3f0107f1dc77a |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm | SHA-256: eae72bf80c2d364cf01a8b82aa740ab85d1b509dd48033356bfe2b3b28bf581b |
| x86_64 | |
| rh-dotnet21-2.1-10.el7.x86_64.rpm | SHA-256: bee024b42d10d37e042388b2b2602d417ed0cffa88c84140a05d0d7e5c6f9e5f |
| rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm | SHA-256: 7a85b9ce4164f31e77af29d8c9f65819c8ce561737ae1d4e726af88c3b2238ab |
| rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm | SHA-256: 9cbc7b848615fd44f3cd7ec6649d8ded8c81eb8b4a8ff6d69605f622520834ce |
| rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm | SHA-256: 52530af7a21174a938521d92a772347d8711075f07b346c23fa8d7b6da0ce51a |
| rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm | SHA-256: 698c97f7198b1045b0e54de9d463db0f72214552621d56688c1b49037194becf |
| rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm | SHA-256: cdbbcc33a35221c54b818f9ed377aa0d553bd69415d441762f072d6bfbc40d7e |
| rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm | SHA-256: 4745cfffdd17e54876c3768c6fddc5993a837ae956f4c01aa6e624a1f1b9907f |
| rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm | SHA-256: 097c6f66deb5949ce99701c49fd26fb4cdc76b78e3458a7a72c7518128e42ff6 |
| rh-dotnet22-2.2-7.el7.x86_64.rpm | SHA-256: 8fa1f8559ea86a10dac106c2f559894534b3ff97eafb7fa47c6cd75d119db5fa |
| rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm | SHA-256: d47d88c0ad548ff21d18d41e0b2fac0fd159c24cc59f6a64f59466e9cdd7c5b0 |
| rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm | SHA-256: 857ff769e3c77954369d1f8c4295ba05e537ffceb9477e365b213a17a0e0d52c |
| rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm | SHA-256: 869f2536bdb24c55a13b25f934169286e6d2e538ba259076094dad362a6a509e |
| rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm | SHA-256: f01c398fcb5d97149bf6932c15cc53cfa26b3234149cadcce79a3293ec0f3af8 |
| rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm | SHA-256: a41b8d9662c94b336bf54aebfdc59fb5c75dff94ce11c2f96f9db1bc7662f862 |
| rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 42d1c59a35072f32aa01c78d36d49f514d6857d9d15b43f05d22945262541615 |
| rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 1eff9d496d7a09a70f24b4239bac3d8a6b97d6ef968cea0dfae754d753f5c37a |
| rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm | SHA-256: a5fe0ddb0e1c38b6359f2b3e909d0a62145dd6248178c5d226787fee040fb4aa |
| rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm | SHA-256: 3aece2cc0d524925da55cef60e34314987409fa6ce509626bfbbcb83ddb20595 |
| rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm | SHA-256: 06fe4627861cf29067c6af56aa06c7d93b36d0fb43b20260ecd68aea0f142586 |
| rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm | SHA-256: 1e8be2fbbf71426540900f3803d4d981ec6c83e2eb476b6228e295d5d1a42172 |
| rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm | SHA-256: b6c6b330a109c9e9f2a29d3907bb95563df5976f874417477fa229c721dca1e8 |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm | SHA-256: b489ca96c1f2d7d680386299dce33c021698b4a7829e199007adee302cd65495 |
| rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm | SHA-256: 9a9aff68dfcea897122523fd2893221027f73dc3a625257661594092ea1dc7c2 |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm | SHA-256: 22a9c12cdcb917cb0d0f7845d7464cbbf2b66c9e61183b3f6f75bc768b5e9bed |
| rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm | SHA-256: 8c230418c3dea93d4b9b3c411e257cc00dc737ebf6b5fa3e7d83a182b2fc0114 |
dotNET on RHEL (for RHEL Workstation) 1
| SRPM | |
|---|---|
| rh-dotnet21-2.1-10.el7.src.rpm | SHA-256: c3a0bda7b6e45b5daa5840f63ddac9b1a8d295704f828c32c90d3dcecd6e522b |
| rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm | SHA-256: 6b7b36074098e9e13abd5a2f66aa42fa141fa58c8d8d63f38419970871812efa |
| rh-dotnet22-2.2-7.el7.src.rpm | SHA-256: 372ee2d35678b7c3d2b0a16600de954a490558a835e90dda186a2667ca06ccb0 |
| rh-dotnet22-curl-7.61.1-2.el7.src.rpm | SHA-256: 9255366d633987e491affe3b446cb938094f77e0cb9b7eafc3b9e1732c4fb01f |
| rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm | SHA-256: d2c91356b43388e32006ab9d6aec513496ea5be8069dba9ce8fb93d14cb4b21e |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm | SHA-256: d431b61c8cc7b738e99511d23dabaead6deee09f2be82178a9a3f0107f1dc77a |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm | SHA-256: eae72bf80c2d364cf01a8b82aa740ab85d1b509dd48033356bfe2b3b28bf581b |
| x86_64 | |
| rh-dotnet21-2.1-10.el7.x86_64.rpm | SHA-256: bee024b42d10d37e042388b2b2602d417ed0cffa88c84140a05d0d7e5c6f9e5f |
| rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm | SHA-256: 7a85b9ce4164f31e77af29d8c9f65819c8ce561737ae1d4e726af88c3b2238ab |
| rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm | SHA-256: 9cbc7b848615fd44f3cd7ec6649d8ded8c81eb8b4a8ff6d69605f622520834ce |
| rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm | SHA-256: 52530af7a21174a938521d92a772347d8711075f07b346c23fa8d7b6da0ce51a |
| rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm | SHA-256: 698c97f7198b1045b0e54de9d463db0f72214552621d56688c1b49037194becf |
| rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm | SHA-256: cdbbcc33a35221c54b818f9ed377aa0d553bd69415d441762f072d6bfbc40d7e |
| rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm | SHA-256: 4745cfffdd17e54876c3768c6fddc5993a837ae956f4c01aa6e624a1f1b9907f |
| rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm | SHA-256: 097c6f66deb5949ce99701c49fd26fb4cdc76b78e3458a7a72c7518128e42ff6 |
| rh-dotnet22-2.2-7.el7.x86_64.rpm | SHA-256: 8fa1f8559ea86a10dac106c2f559894534b3ff97eafb7fa47c6cd75d119db5fa |
| rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm | SHA-256: d47d88c0ad548ff21d18d41e0b2fac0fd159c24cc59f6a64f59466e9cdd7c5b0 |
| rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm | SHA-256: 857ff769e3c77954369d1f8c4295ba05e537ffceb9477e365b213a17a0e0d52c |
| rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm | SHA-256: 869f2536bdb24c55a13b25f934169286e6d2e538ba259076094dad362a6a509e |
| rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm | SHA-256: f01c398fcb5d97149bf6932c15cc53cfa26b3234149cadcce79a3293ec0f3af8 |
| rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm | SHA-256: a41b8d9662c94b336bf54aebfdc59fb5c75dff94ce11c2f96f9db1bc7662f862 |
| rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 42d1c59a35072f32aa01c78d36d49f514d6857d9d15b43f05d22945262541615 |
| rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 1eff9d496d7a09a70f24b4239bac3d8a6b97d6ef968cea0dfae754d753f5c37a |
| rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm | SHA-256: a5fe0ddb0e1c38b6359f2b3e909d0a62145dd6248178c5d226787fee040fb4aa |
| rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm | SHA-256: 3aece2cc0d524925da55cef60e34314987409fa6ce509626bfbbcb83ddb20595 |
| rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm | SHA-256: 06fe4627861cf29067c6af56aa06c7d93b36d0fb43b20260ecd68aea0f142586 |
| rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm | SHA-256: 1e8be2fbbf71426540900f3803d4d981ec6c83e2eb476b6228e295d5d1a42172 |
| rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm | SHA-256: b6c6b330a109c9e9f2a29d3907bb95563df5976f874417477fa229c721dca1e8 |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm | SHA-256: b489ca96c1f2d7d680386299dce33c021698b4a7829e199007adee302cd65495 |
| rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm | SHA-256: 9a9aff68dfcea897122523fd2893221027f73dc3a625257661594092ea1dc7c2 |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm | SHA-256: 22a9c12cdcb917cb0d0f7845d7464cbbf2b66c9e61183b3f6f75bc768b5e9bed |
| rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm | SHA-256: 8c230418c3dea93d4b9b3c411e257cc00dc737ebf6b5fa3e7d83a182b2fc0114 |
dotNET on RHEL (for RHEL Compute Node) 1
| SRPM | |
|---|---|
| rh-dotnet21-2.1-10.el7.src.rpm | SHA-256: c3a0bda7b6e45b5daa5840f63ddac9b1a8d295704f828c32c90d3dcecd6e522b |
| rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm | SHA-256: 6b7b36074098e9e13abd5a2f66aa42fa141fa58c8d8d63f38419970871812efa |
| rh-dotnet22-2.2-7.el7.src.rpm | SHA-256: 372ee2d35678b7c3d2b0a16600de954a490558a835e90dda186a2667ca06ccb0 |
| rh-dotnet22-curl-7.61.1-2.el7.src.rpm | SHA-256: 9255366d633987e491affe3b446cb938094f77e0cb9b7eafc3b9e1732c4fb01f |
| rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm | SHA-256: d2c91356b43388e32006ab9d6aec513496ea5be8069dba9ce8fb93d14cb4b21e |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm | SHA-256: d431b61c8cc7b738e99511d23dabaead6deee09f2be82178a9a3f0107f1dc77a |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm | SHA-256: eae72bf80c2d364cf01a8b82aa740ab85d1b509dd48033356bfe2b3b28bf581b |
| x86_64 | |
| rh-dotnet21-2.1-10.el7.x86_64.rpm | SHA-256: bee024b42d10d37e042388b2b2602d417ed0cffa88c84140a05d0d7e5c6f9e5f |
| rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm | SHA-256: 7a85b9ce4164f31e77af29d8c9f65819c8ce561737ae1d4e726af88c3b2238ab |
| rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm | SHA-256: 9cbc7b848615fd44f3cd7ec6649d8ded8c81eb8b4a8ff6d69605f622520834ce |
| rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm | SHA-256: 52530af7a21174a938521d92a772347d8711075f07b346c23fa8d7b6da0ce51a |
| rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm | SHA-256: 698c97f7198b1045b0e54de9d463db0f72214552621d56688c1b49037194becf |
| rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm | SHA-256: cdbbcc33a35221c54b818f9ed377aa0d553bd69415d441762f072d6bfbc40d7e |
| rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm | SHA-256: 4745cfffdd17e54876c3768c6fddc5993a837ae956f4c01aa6e624a1f1b9907f |
| rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm | SHA-256: 097c6f66deb5949ce99701c49fd26fb4cdc76b78e3458a7a72c7518128e42ff6 |
| rh-dotnet22-2.2-7.el7.x86_64.rpm | SHA-256: 8fa1f8559ea86a10dac106c2f559894534b3ff97eafb7fa47c6cd75d119db5fa |
| rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm | SHA-256: d47d88c0ad548ff21d18d41e0b2fac0fd159c24cc59f6a64f59466e9cdd7c5b0 |
| rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm | SHA-256: 857ff769e3c77954369d1f8c4295ba05e537ffceb9477e365b213a17a0e0d52c |
| rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm | SHA-256: 869f2536bdb24c55a13b25f934169286e6d2e538ba259076094dad362a6a509e |
| rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm | SHA-256: f01c398fcb5d97149bf6932c15cc53cfa26b3234149cadcce79a3293ec0f3af8 |
| rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm | SHA-256: a41b8d9662c94b336bf54aebfdc59fb5c75dff94ce11c2f96f9db1bc7662f862 |
| rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 42d1c59a35072f32aa01c78d36d49f514d6857d9d15b43f05d22945262541615 |
| rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm | SHA-256: 1eff9d496d7a09a70f24b4239bac3d8a6b97d6ef968cea0dfae754d753f5c37a |
| rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm | SHA-256: a5fe0ddb0e1c38b6359f2b3e909d0a62145dd6248178c5d226787fee040fb4aa |
| rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm | SHA-256: 3aece2cc0d524925da55cef60e34314987409fa6ce509626bfbbcb83ddb20595 |
| rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm | SHA-256: 06fe4627861cf29067c6af56aa06c7d93b36d0fb43b20260ecd68aea0f142586 |
| rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm | SHA-256: 1e8be2fbbf71426540900f3803d4d981ec6c83e2eb476b6228e295d5d1a42172 |
| rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm | SHA-256: b6c6b330a109c9e9f2a29d3907bb95563df5976f874417477fa229c721dca1e8 |
| rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm | SHA-256: b489ca96c1f2d7d680386299dce33c021698b4a7829e199007adee302cd65495 |
| rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm | SHA-256: 9a9aff68dfcea897122523fd2893221027f73dc3a625257661594092ea1dc7c2 |
| rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm | SHA-256: 22a9c12cdcb917cb0d0f7845d7464cbbf2b66c9e61183b3f6f75bc768b5e9bed |
| rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm | SHA-256: 8c230418c3dea93d4b9b3c411e257cc00dc737ebf6b5fa3e7d83a182b2fc0114 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.