Issued:: 2020-07-17
Updated:: 2020-07-17

RHSA-2020:2989 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: .NET Core security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET Core is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now
available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516.

Security Fix(es):

.NET Core: XML source markup processing remote code execution (CVE-2020-1147)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1856929 - CVE-2020-1147 dotnet: XML source markup processing remote code execution

CVEs

CVE-2020-1147

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
dotnet-2.1.516-1.el8_0.src.rpm	SHA-256: bf72f9bc3cfecc9a49f8dd3004a20c418e2577980580f36c3090ea36b68118d2
x86_64
dotnet-2.1.516-1.el8_0.x86_64.rpm	SHA-256: 258be625d0f5bab4ebb619df6fce7903ae15ef94aaffa1869fbcfd96c0d89aea
dotnet-debuginfo-2.1.516-1.el8_0.x86_64.rpm	SHA-256: 5a4497a8a4da5cfc18dd448b2c20098045343b0d469a85431c71c2419e229d16
dotnet-debugsource-2.1.516-1.el8_0.x86_64.rpm	SHA-256: 496193ce76fabc0769c625b3ec9290270ff993b756c41e762dc4dc55fb816840
dotnet-host-2.1.20-1.el8_0.x86_64.rpm	SHA-256: 97af3a9c2b24bc74fe80e4950f858400d1e4e1a36942ae3d1546541e420f7f2e
dotnet-host-debuginfo-2.1.20-1.el8_0.x86_64.rpm	SHA-256: 5f2479b8d89ad362f3cb5108999231ca1b85b2ffeb581869ffa7ebbd6358f556
dotnet-host-fxr-2.1-2.1.20-1.el8_0.x86_64.rpm	SHA-256: 0544a75d3f6d751a5bce51a8cf3c9edf01cc668cefb2810a634e920ba2ab1eb0
dotnet-host-fxr-2.1-debuginfo-2.1.20-1.el8_0.x86_64.rpm	SHA-256: 8c785c1361c09599eefdeeb3e5d211f49e61e3941ad5a2c80793e3adcacd37d7
dotnet-runtime-2.1-2.1.20-1.el8_0.x86_64.rpm	SHA-256: a6b2a661699fe4a8a69f5f0c40f64f23aeed2d0055899285269677b616a04f4d
dotnet-runtime-2.1-debuginfo-2.1.20-1.el8_0.x86_64.rpm	SHA-256: d046996ad0ab3384de5e44aca1454dd467a56c5e10d04d36f2f5234d29e04daf
dotnet-sdk-2.1-2.1.516-1.el8_0.x86_64.rpm	SHA-256: b3af65c8e001e79a7f832025e13fc5809a8dc9c55c481b719fcb85a7ecc132ce
dotnet-sdk-2.1.5xx-2.1.516-1.el8_0.x86_64.rpm	SHA-256: 14222fbfaa9c21c9ac7c9a88e1ee205ee29c86b2ef772bedb85c2f13ff57c9ed
dotnet-sdk-2.1.5xx-debuginfo-2.1.516-1.el8_0.x86_64.rpm	SHA-256: 98a9efedbd6ad5763368bd1e4eefd9cf9b5cd7dea9f8b8220e351a1abf286218

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation