Red Hat Product Errata RHSA-2023:6249 - Security Advisory
Issued:
2023-11-01
Updated:
2023-11-01

RHSA-2023:6249 - Security Advisory

Synopsis

Moderate: .NET 6.0 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The CVE-2023-36799 was previously fixed in .NET 6.0 packages in Red Hat Enterprise Linux 7 via erratum RHSA-2023:5142, which updated .NET to SDK 6.0.122 and Runtime 6.0.22. However, the fix was not included in the upstream SDK 6.0.123 and Runtime 6.0.23, which was added to Red Hat Enterprise Linux 7 via erratum RHSA-2023:5705, introducing a security regression. This erratum re-adds the fix for CVE-2023-36799 to .NET 6.0 packages.

For more details about the regression, refer to the upstream release notes linked to the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24.

Security Fix(es):

  • dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2237317 - CVE-2023-36799 dotnet: Denial of Service with Client Certificates using .NET Kestrel

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet60-dotnet-6.0.124-1.el7_9.src.rpm SHA-256: 9d308921708566a84da981dee44bd644994d5bffa1e5f48984b19a22ae447178
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: bb43787b54ce0cf83a46679ec217381c39baf2e199d63e2a0b1f8519d9ab5be6
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: eb8d65148e47f9adf330a77f4c2e92a864aad97fe52f8c745c1bbcadcb71c519
rh-dotnet60-dotnet-6.0.124-1.el7_9.x86_64.rpm SHA-256: aa2ebb619ce9fd684cff0574254172ae47790c01cc4e65b974d9f79fb64d5387
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: a619c6e5e470232af2b5507941dee805c9e88ddd9999deea82fd7fa783e28d38
rh-dotnet60-dotnet-debuginfo-6.0.124-1.el7_9.x86_64.rpm SHA-256: 9d6a75d738fd8701987fa496f23dc8aabcd676d7f384300909e20de3f7e2e6a3
rh-dotnet60-dotnet-host-6.0.24-1.el7_9.x86_64.rpm SHA-256: 67caebee5fc7f2e7c8ffa09121b4683ed2de5704f4a259b97959866f91854baa
rh-dotnet60-dotnet-hostfxr-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: 373d256f32f37026f51ffb6bf1b3eb81eae6c2e4cede83a9fdd764097ebea12d
rh-dotnet60-dotnet-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: fe3aa410e1318c3a4c370ad83264f2e4eab0c4a85a515cdb6ae0d4c6710bfe87
rh-dotnet60-dotnet-sdk-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: 7ffa662207ad956e7e1a68801ea91b2f78f308a06e2d0b9a0407bae043f361be
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.124-1.el7_9.x86_64.rpm SHA-256: b6ece9e3ae17c267ae6f576393f47ff4d7e31492049ad603443d1a46f95fc9b1
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: e2a5412ceff9b30c4795911b25e0b304cd28c62f146736e9276e95bddf796919
rh-dotnet60-dotnet-templates-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: ec3f3e192e319e489f8c5c27375721b238745f3b5d4b6afc9225fc7628a3b84b
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.124-1.el7_9.x86_64.rpm SHA-256: 76fe37c9c2cf22061ebf4f7f2e50ed810271acb4dded6c727c534eec8c81931a

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet60-dotnet-6.0.124-1.el7_9.src.rpm SHA-256: 9d308921708566a84da981dee44bd644994d5bffa1e5f48984b19a22ae447178
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: bb43787b54ce0cf83a46679ec217381c39baf2e199d63e2a0b1f8519d9ab5be6
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: eb8d65148e47f9adf330a77f4c2e92a864aad97fe52f8c745c1bbcadcb71c519
rh-dotnet60-dotnet-6.0.124-1.el7_9.x86_64.rpm SHA-256: aa2ebb619ce9fd684cff0574254172ae47790c01cc4e65b974d9f79fb64d5387
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: a619c6e5e470232af2b5507941dee805c9e88ddd9999deea82fd7fa783e28d38
rh-dotnet60-dotnet-debuginfo-6.0.124-1.el7_9.x86_64.rpm SHA-256: 9d6a75d738fd8701987fa496f23dc8aabcd676d7f384300909e20de3f7e2e6a3
rh-dotnet60-dotnet-host-6.0.24-1.el7_9.x86_64.rpm SHA-256: 67caebee5fc7f2e7c8ffa09121b4683ed2de5704f4a259b97959866f91854baa
rh-dotnet60-dotnet-hostfxr-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: 373d256f32f37026f51ffb6bf1b3eb81eae6c2e4cede83a9fdd764097ebea12d
rh-dotnet60-dotnet-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: fe3aa410e1318c3a4c370ad83264f2e4eab0c4a85a515cdb6ae0d4c6710bfe87
rh-dotnet60-dotnet-sdk-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: 7ffa662207ad956e7e1a68801ea91b2f78f308a06e2d0b9a0407bae043f361be
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.124-1.el7_9.x86_64.rpm SHA-256: b6ece9e3ae17c267ae6f576393f47ff4d7e31492049ad603443d1a46f95fc9b1
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: e2a5412ceff9b30c4795911b25e0b304cd28c62f146736e9276e95bddf796919
rh-dotnet60-dotnet-templates-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: ec3f3e192e319e489f8c5c27375721b238745f3b5d4b6afc9225fc7628a3b84b
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.124-1.el7_9.x86_64.rpm SHA-256: 76fe37c9c2cf22061ebf4f7f2e50ed810271acb4dded6c727c534eec8c81931a

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet60-dotnet-6.0.124-1.el7_9.src.rpm SHA-256: 9d308921708566a84da981dee44bd644994d5bffa1e5f48984b19a22ae447178
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: bb43787b54ce0cf83a46679ec217381c39baf2e199d63e2a0b1f8519d9ab5be6
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: eb8d65148e47f9adf330a77f4c2e92a864aad97fe52f8c745c1bbcadcb71c519
rh-dotnet60-dotnet-6.0.124-1.el7_9.x86_64.rpm SHA-256: aa2ebb619ce9fd684cff0574254172ae47790c01cc4e65b974d9f79fb64d5387
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: a619c6e5e470232af2b5507941dee805c9e88ddd9999deea82fd7fa783e28d38
rh-dotnet60-dotnet-debuginfo-6.0.124-1.el7_9.x86_64.rpm SHA-256: 9d6a75d738fd8701987fa496f23dc8aabcd676d7f384300909e20de3f7e2e6a3
rh-dotnet60-dotnet-host-6.0.24-1.el7_9.x86_64.rpm SHA-256: 67caebee5fc7f2e7c8ffa09121b4683ed2de5704f4a259b97959866f91854baa
rh-dotnet60-dotnet-hostfxr-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: 373d256f32f37026f51ffb6bf1b3eb81eae6c2e4cede83a9fdd764097ebea12d
rh-dotnet60-dotnet-runtime-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: fe3aa410e1318c3a4c370ad83264f2e4eab0c4a85a515cdb6ae0d4c6710bfe87
rh-dotnet60-dotnet-sdk-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: 7ffa662207ad956e7e1a68801ea91b2f78f308a06e2d0b9a0407bae043f361be
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.124-1.el7_9.x86_64.rpm SHA-256: b6ece9e3ae17c267ae6f576393f47ff4d7e31492049ad603443d1a46f95fc9b1
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.24-1.el7_9.x86_64.rpm SHA-256: e2a5412ceff9b30c4795911b25e0b304cd28c62f146736e9276e95bddf796919
rh-dotnet60-dotnet-templates-6.0-6.0.124-1.el7_9.x86_64.rpm SHA-256: ec3f3e192e319e489f8c5c27375721b238745f3b5d4b6afc9225fc7628a3b84b
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.124-1.el7_9.x86_64.rpm SHA-256: 76fe37c9c2cf22061ebf4f7f2e50ed810271acb4dded6c727c534eec8c81931a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.