Red Hat Product Errata RHSA-2022:6038 - Security Advisory
Issued:
2022-08-10
Updated:
2022-08-10

RHSA-2022:6038 - Security Advisory

Synopsis

Moderate: .NET 6.0 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.108). (BZ#2112407)

Security Fix(es):

  • dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.