Issued:
2022-03-10
Updated:
2022-03-10

RHSA-2022:0827 - Security Advisory

Synopsis

Important: .NET Core 3.1 security and bugfix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.

Security Fix(es):

  • dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
  • dotnet: double parser stack buffer overrun (CVE-2022-24512)
  • brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64

Fixes

  • BZ - 1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB
  • BZ - 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader
  • BZ - 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun

Red Hat Enterprise Linux for x86_64 8

SRPM
dotnet3.1-3.1.417-1.el8_5.src.rpm SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1
x86_64
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
dotnet3.1-3.1.417-1.el8_5.src.rpm SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1
x86_64
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
dotnet3.1-3.1.417-1.el8_5.src.rpm SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1
x86_64
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
dotnet3.1-3.1.417-1.el8_5.src.rpm SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1
x86_64
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
dotnet3.1-3.1.417-1.el8_5.src.rpm SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1
x86_64
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el8_5.x86_64.rpm SHA-256: 3376f63cc82663f18345d1e0463ba4d0ac0eda50de118cbcd1f5a53919873232
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76
dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1
dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da
dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893
dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el8_5.x86_64.rpm SHA-256: 3376f63cc82663f18345d1e0463ba4d0ac0eda50de118cbcd1f5a53919873232
dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08
dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.