Red Hat Product Errata RHSA-2019:2732 - Security Advisory
Issued:
2019-09-11
Updated:
2019-09-11

RHSA-2019:2732 - Security Advisory

Synopsis

Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.13, and 2.2.7.

Security Fix(es):

  • dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service (CVE-2019-1301)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet21-2.1-12.el7.src.rpm SHA-256: d54d3181f3d7d95e28513075b64f6ea3606a165382c272847bb0d94310fd90c3
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm SHA-256: 19b582c88a37985d257e1feb626c867f5e398674ad58f27b9dc60769340e088b
rh-dotnet22-2.2-9.el7.src.rpm SHA-256: 1662b94f73a7dfb2b662311bc18c73be8ab2a97e9a5796d0bbcb5f2086aaa1da
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm SHA-256: bfcf1e2cbbb36696b8ca34a63c98de2823158d3e513df4fdc60cb0450479bebc
x86_64
rh-dotnet21-2.1-12.el7.x86_64.rpm SHA-256: 7aea61a3b725d32383f6e8acfc9157cde865e01a2ca68a15b30e4522302d6b99
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm SHA-256: e1af6737fe3abdc66f7a87733f7fe832da8ca07bc1495bcec0f4b81366f58029
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm SHA-256: a3904d2cd7dd4203f780aba81072650b81ab3cd58de2a50c63d7e0074938a8cb
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm SHA-256: d31839a59173489945b86bc605ee1d0b2dea6c9bec664ace087cd2d0188c9e0d
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm SHA-256: 2998f4c7d57a0669679608ef59936cf4f4a8910e863cb472611e9f2b97057ddf
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm SHA-256: cbdf0e39485ba570e8a4151720bf85103e2d8ecdb945528e97b33c7eda4bad3a
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm SHA-256: 611ad0585940519d0739979eaac8b10a8ce71328487fdcd87bdd70e374936049
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm SHA-256: 8c12b22bc7255c8c835dcd5578af18496b9985c3eb94b524c36b9bed7e0e024c
rh-dotnet22-2.2-9.el7.x86_64.rpm SHA-256: 1115bdb04a7e02790433b752343c056337871089ba0ec6faa1b7ea28a9a99d6e
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm SHA-256: 91f0d4b79aea829629b114264dfd9f8fcdc6e30d40c61220eb6ebda893131b4e
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm SHA-256: 0709b1bb8903cb814affff5ae1da20b09c71a3779e19ad9de9ea42b50d466bab
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm SHA-256: ed38e01bce6cc119497c3538e2fbef1c9e8599e8620a81c87b342dbeae2a3049
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: 5053400f2ae0a454611003acbabd8b23c9b49f6ce57941237bb499772ec49dc7
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: b0256bc123ae2bb3316ceecb95b645c465bae30dfefa2cdbdb01862661957d30
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm SHA-256: 50cec30420041a2dbb65c1be3e317a67f9bfedac85912a010163f99ac581344f
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm SHA-256: fab6f2c83b79f0d79d81de87c025f309454bd816a46d465eb6cbc8ea05d9efba
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm SHA-256: 7067bbe78a590a49c94921776b8aa317d31acd5615bbcaa097c939f4fb5806a7

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet21-2.1-12.el7.src.rpm SHA-256: d54d3181f3d7d95e28513075b64f6ea3606a165382c272847bb0d94310fd90c3
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm SHA-256: 19b582c88a37985d257e1feb626c867f5e398674ad58f27b9dc60769340e088b
rh-dotnet22-2.2-9.el7.src.rpm SHA-256: 1662b94f73a7dfb2b662311bc18c73be8ab2a97e9a5796d0bbcb5f2086aaa1da
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm SHA-256: bfcf1e2cbbb36696b8ca34a63c98de2823158d3e513df4fdc60cb0450479bebc
x86_64
rh-dotnet21-2.1-12.el7.x86_64.rpm SHA-256: 7aea61a3b725d32383f6e8acfc9157cde865e01a2ca68a15b30e4522302d6b99
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm SHA-256: e1af6737fe3abdc66f7a87733f7fe832da8ca07bc1495bcec0f4b81366f58029
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm SHA-256: a3904d2cd7dd4203f780aba81072650b81ab3cd58de2a50c63d7e0074938a8cb
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm SHA-256: d31839a59173489945b86bc605ee1d0b2dea6c9bec664ace087cd2d0188c9e0d
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm SHA-256: 2998f4c7d57a0669679608ef59936cf4f4a8910e863cb472611e9f2b97057ddf
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm SHA-256: cbdf0e39485ba570e8a4151720bf85103e2d8ecdb945528e97b33c7eda4bad3a
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm SHA-256: 611ad0585940519d0739979eaac8b10a8ce71328487fdcd87bdd70e374936049
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm SHA-256: 8c12b22bc7255c8c835dcd5578af18496b9985c3eb94b524c36b9bed7e0e024c
rh-dotnet22-2.2-9.el7.x86_64.rpm SHA-256: 1115bdb04a7e02790433b752343c056337871089ba0ec6faa1b7ea28a9a99d6e
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm SHA-256: 91f0d4b79aea829629b114264dfd9f8fcdc6e30d40c61220eb6ebda893131b4e
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm SHA-256: 0709b1bb8903cb814affff5ae1da20b09c71a3779e19ad9de9ea42b50d466bab
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm SHA-256: ed38e01bce6cc119497c3538e2fbef1c9e8599e8620a81c87b342dbeae2a3049
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: 5053400f2ae0a454611003acbabd8b23c9b49f6ce57941237bb499772ec49dc7
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: b0256bc123ae2bb3316ceecb95b645c465bae30dfefa2cdbdb01862661957d30
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm SHA-256: 50cec30420041a2dbb65c1be3e317a67f9bfedac85912a010163f99ac581344f
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm SHA-256: fab6f2c83b79f0d79d81de87c025f309454bd816a46d465eb6cbc8ea05d9efba
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm SHA-256: 7067bbe78a590a49c94921776b8aa317d31acd5615bbcaa097c939f4fb5806a7

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet21-2.1-12.el7.src.rpm SHA-256: d54d3181f3d7d95e28513075b64f6ea3606a165382c272847bb0d94310fd90c3
rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm SHA-256: 19b582c88a37985d257e1feb626c867f5e398674ad58f27b9dc60769340e088b
rh-dotnet22-2.2-9.el7.src.rpm SHA-256: 1662b94f73a7dfb2b662311bc18c73be8ab2a97e9a5796d0bbcb5f2086aaa1da
rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm SHA-256: bfcf1e2cbbb36696b8ca34a63c98de2823158d3e513df4fdc60cb0450479bebc
x86_64
rh-dotnet21-2.1-12.el7.x86_64.rpm SHA-256: 7aea61a3b725d32383f6e8acfc9157cde865e01a2ca68a15b30e4522302d6b99
rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm SHA-256: e1af6737fe3abdc66f7a87733f7fe832da8ca07bc1495bcec0f4b81366f58029
rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm SHA-256: a3904d2cd7dd4203f780aba81072650b81ab3cd58de2a50c63d7e0074938a8cb
rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm SHA-256: d31839a59173489945b86bc605ee1d0b2dea6c9bec664ace087cd2d0188c9e0d
rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm SHA-256: 2998f4c7d57a0669679608ef59936cf4f4a8910e863cb472611e9f2b97057ddf
rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm SHA-256: cbdf0e39485ba570e8a4151720bf85103e2d8ecdb945528e97b33c7eda4bad3a
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm SHA-256: 611ad0585940519d0739979eaac8b10a8ce71328487fdcd87bdd70e374936049
rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm SHA-256: 8c12b22bc7255c8c835dcd5578af18496b9985c3eb94b524c36b9bed7e0e024c
rh-dotnet22-2.2-9.el7.x86_64.rpm SHA-256: 1115bdb04a7e02790433b752343c056337871089ba0ec6faa1b7ea28a9a99d6e
rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm SHA-256: 91f0d4b79aea829629b114264dfd9f8fcdc6e30d40c61220eb6ebda893131b4e
rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm SHA-256: 0709b1bb8903cb814affff5ae1da20b09c71a3779e19ad9de9ea42b50d466bab
rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm SHA-256: ed38e01bce6cc119497c3538e2fbef1c9e8599e8620a81c87b342dbeae2a3049
rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: 5053400f2ae0a454611003acbabd8b23c9b49f6ce57941237bb499772ec49dc7
rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm SHA-256: b0256bc123ae2bb3316ceecb95b645c465bae30dfefa2cdbdb01862661957d30
rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm SHA-256: 50cec30420041a2dbb65c1be3e317a67f9bfedac85912a010163f99ac581344f
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm SHA-256: fab6f2c83b79f0d79d81de87c025f309454bd816a46d465eb6cbc8ea05d9efba
rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm SHA-256: 7067bbe78a590a49c94921776b8aa317d31acd5615bbcaa097c939f4fb5806a7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.