Red Hat Product Errata RHSA-2022:6520 - Security Advisory
Issued:
2022-09-14
Updated:
2022-09-14

RHSA-2022:6520 - Security Advisory

Synopsis

Moderate: .NET 6.0 on RHEL 7 security and bugfix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

Security Fix(es):

  • dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. (CVE-2022-38013)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm SHA-256: 70ed1bdadbc03cdb657ec888f2926d4b33c53121bdc0a4012ee552c419926bfa
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e3fe09347f660dade21ecf175cf98c2c9fe48f79679043f704d523088adb52ae
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 7737e44509849f249ebbdab465b3366c7a80bd1a9d48faaac853c66995ddf6a5
rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm SHA-256: 2d7ddfe2a6f5967895924802f4f2cae58ff25ddc84100de404d5ccfbdea52aa3
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e35cfb446e3de33494b0f04a26ca0c793ca01a9620666239036c1204ba657e72
rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm SHA-256: 348bca99da5bf243d62f6169426d42cf828fad92b307646206fa77c2d4f078a6
rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm SHA-256: 8fed917e2ea1a9feb99dfa29532b1275e3385ea5980b1dc5d0d616916db113ee
rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: a523187cfb1a8ffd2fd0904d908e4b85eca29f3df837bcf5ad13b085baeff1eb
rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 84a296614fa34839dffc0ad201f0c067eefd521e0508aa91774c070d616525b8
rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: ff9e9b5d7dbf6168f6d1e906e92eef9b237329320e267550d9302dbd89ff933b
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm SHA-256: e2ec93313f06373b4b8be025424445de4a605cd15e72a4168d74fbc1df9d4ab2
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: d4497200be09af601e9459ef611bfef7b7e6cbcf75ec1858b13ff4649e0a6740
rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: 5d0b814032d6ac7a9daf1e120bc95d7b4d8a33aefbac8c48b15594ddefa00f37
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm SHA-256: 101a4ab160a2e3ba05d0c8d99a796289d195640a0b3e0e0de79c39a94b8be67f

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm SHA-256: 70ed1bdadbc03cdb657ec888f2926d4b33c53121bdc0a4012ee552c419926bfa
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e3fe09347f660dade21ecf175cf98c2c9fe48f79679043f704d523088adb52ae
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 7737e44509849f249ebbdab465b3366c7a80bd1a9d48faaac853c66995ddf6a5
rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm SHA-256: 2d7ddfe2a6f5967895924802f4f2cae58ff25ddc84100de404d5ccfbdea52aa3
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e35cfb446e3de33494b0f04a26ca0c793ca01a9620666239036c1204ba657e72
rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm SHA-256: 348bca99da5bf243d62f6169426d42cf828fad92b307646206fa77c2d4f078a6
rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm SHA-256: 8fed917e2ea1a9feb99dfa29532b1275e3385ea5980b1dc5d0d616916db113ee
rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: a523187cfb1a8ffd2fd0904d908e4b85eca29f3df837bcf5ad13b085baeff1eb
rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 84a296614fa34839dffc0ad201f0c067eefd521e0508aa91774c070d616525b8
rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: ff9e9b5d7dbf6168f6d1e906e92eef9b237329320e267550d9302dbd89ff933b
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm SHA-256: e2ec93313f06373b4b8be025424445de4a605cd15e72a4168d74fbc1df9d4ab2
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: d4497200be09af601e9459ef611bfef7b7e6cbcf75ec1858b13ff4649e0a6740
rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: 5d0b814032d6ac7a9daf1e120bc95d7b4d8a33aefbac8c48b15594ddefa00f37
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm SHA-256: 101a4ab160a2e3ba05d0c8d99a796289d195640a0b3e0e0de79c39a94b8be67f

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm SHA-256: 70ed1bdadbc03cdb657ec888f2926d4b33c53121bdc0a4012ee552c419926bfa
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e3fe09347f660dade21ecf175cf98c2c9fe48f79679043f704d523088adb52ae
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 7737e44509849f249ebbdab465b3366c7a80bd1a9d48faaac853c66995ddf6a5
rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm SHA-256: 2d7ddfe2a6f5967895924802f4f2cae58ff25ddc84100de404d5ccfbdea52aa3
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: e35cfb446e3de33494b0f04a26ca0c793ca01a9620666239036c1204ba657e72
rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm SHA-256: 348bca99da5bf243d62f6169426d42cf828fad92b307646206fa77c2d4f078a6
rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm SHA-256: 8fed917e2ea1a9feb99dfa29532b1275e3385ea5980b1dc5d0d616916db113ee
rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: a523187cfb1a8ffd2fd0904d908e4b85eca29f3df837bcf5ad13b085baeff1eb
rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: 84a296614fa34839dffc0ad201f0c067eefd521e0508aa91774c070d616525b8
rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: ff9e9b5d7dbf6168f6d1e906e92eef9b237329320e267550d9302dbd89ff933b
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm SHA-256: e2ec93313f06373b4b8be025424445de4a605cd15e72a4168d74fbc1df9d4ab2
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm SHA-256: d4497200be09af601e9459ef611bfef7b7e6cbcf75ec1858b13ff4649e0a6740
rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm SHA-256: 5d0b814032d6ac7a9daf1e120bc95d7b4d8a33aefbac8c48b15594ddefa00f37
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm SHA-256: 101a4ab160a2e3ba05d0c8d99a796289d195640a0b3e0e0de79c39a94b8be67f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.