Issued:: 2023-11-15
Updated:: 2023-11-15

RHSA-2023:7256 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: dotnet7.0 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14.

Security Fix(es):

dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

BZ - 2247750 - CVE-2023-36558 dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms
BZ - 2248883 - CVE-2023-36049 dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
dotnet7.0-7.0.114-1.el8_9.src.rpm	SHA-256: ba62f04c3af85134f57cc2726421a5709b1a0f271638aab2c7178c35353db700
x86_64
aspnetcore-runtime-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: de72aff8387180ede7c374f82a4069b65c477fc2d31794e7dadb5e3b775c88ca
aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: e9caccfbd6e205eb5379a2a446c484ffd9c11a66c2243f13ddb980f2ad70d7bf
dotnet-apphost-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 4d348335e2d3e70421c010de1e182b743278b769ef81a61d884149fa506dc667
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 170860b91d00c87984a530f3e971e79b0646319b725186002dd2d71eb14f00d7
dotnet-hostfxr-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 69996c50428710a24387d12023382afd10b69492bf2e10107fc2ece0f6668a06
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 8b7169fd0d35762d9b939cbe1aacc8db05ae7f1d1a1bf40462c30817a93ab858
dotnet-runtime-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 4357a1df8c11f6941a10fcbe90f7b38e043f43f9b378bd39d056a5f91295fe99
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: add8488700f2f517c66554da9907f69b77a5acc49c8cef30ca6e0f7451ca1d30
dotnet-sdk-7.0-7.0.114-1.el8_9.x86_64.rpm	SHA-256: 69dcc79083982aeaea26d64c940b9d97e94876f82814844ce5b5b228262a678a
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.x86_64.rpm	SHA-256: 6288e8b0c5141f872c9f59c1eca23730f347ae772bc7dc22a6ab1c40ebaf3cb3
dotnet-targeting-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 12e77d936e364b69b3a5a9e09ef22b250daf4ac97b4e1b1bfafbd469785cd77f
dotnet-templates-7.0-7.0.114-1.el8_9.x86_64.rpm	SHA-256: 2a625ed12f3fd677ef9a6b01bace4b8884721f440808da5a669f665586921e65
dotnet7.0-debuginfo-7.0.114-1.el8_9.x86_64.rpm	SHA-256: c735a8fb7ed06f02e2de6c844750218d125b3e099c932f8e5da0cdf0415e1125
dotnet7.0-debugsource-7.0.114-1.el8_9.x86_64.rpm	SHA-256: fd01248de1904e9144c8af52b7e52b6fc497734604843e74be4a0d032b2b1324

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
dotnet7.0-7.0.114-1.el8_9.src.rpm	SHA-256: ba62f04c3af85134f57cc2726421a5709b1a0f271638aab2c7178c35353db700
s390x
aspnetcore-runtime-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: f18c59aabf6ce3329646bf0058847596918f94105d171bab1e866051ea8928f5
aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: 5ef4aa241023f89db9e4621f4ace6d857d338d960a4e4241233e8968eed19d6f
dotnet-apphost-pack-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: f8c808f5e92f5e827c82690bd9833f31e71e0090be70c93cd92f74208b6564d1
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: b6dc572ee263fcafa59a6d4a71507e941ff900815a271ef6c760c718029a6461
dotnet-hostfxr-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: ed80cfe7842916f467efd32f9a2bbe018dc686a1298c1b11b0f1400a627fbc33
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: ba42f622c9925eb4ccde49815b9f0db0c35e4066c6cdc42eefb082ca66ca4b16
dotnet-runtime-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: 314210ae733f695bc25f0cf9a17684155d702542a93d9f2c7d64d977be695871
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: c7ec1e8c1763b30dba61a82289ebd64cc17322365ddf7944afdb2d5642f07520
dotnet-sdk-7.0-7.0.114-1.el8_9.s390x.rpm	SHA-256: b594310aea189e6f87acca5a06deef2d487b65ddf4e8ad1c887c97a5b93410ff
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.s390x.rpm	SHA-256: 33fbda0d28df4ce8957f8400a9175fafdac489b1d9bc5df2181281be423759a7
dotnet-targeting-pack-7.0-7.0.14-1.el8_9.s390x.rpm	SHA-256: a0dc8663f0fcdb8f0785ca5bc044885600d8eb7d18af51f4fea26ba80a99a6fc
dotnet-templates-7.0-7.0.114-1.el8_9.s390x.rpm	SHA-256: 0164dba83b08f3adccf4dc6653bd210ee3683213bf80b59ce64a94ea927241b7
dotnet7.0-debuginfo-7.0.114-1.el8_9.s390x.rpm	SHA-256: 4126ee25791dc08763e7d428727e8d118b2ebaae413f3594bc475ce94416b86c
dotnet7.0-debugsource-7.0.114-1.el8_9.s390x.rpm	SHA-256: f1f55ab9f144f22dd07e1ba11659f933267cabd90d82b347e3d837652616def6

Red Hat Enterprise Linux for Power, little endian 8

SRPM
dotnet7.0-7.0.114-1.el8_9.src.rpm	SHA-256: ba62f04c3af85134f57cc2726421a5709b1a0f271638aab2c7178c35353db700
ppc64le
aspnetcore-runtime-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: d5aff37b971f67ec6f076a9f587d5d48a084c26adc626922aae7a6d71cd199bf
aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: edc8474ecb45c62ae44641caaaecefd4dee9b742dfb2cac53d413276a80b03bf
dotnet-apphost-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: 0e97cf8d056802edbb936de3d50fa2730e525d1a2477142c2faf100f9dd126ba
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: 7d656c5d305ce8a24abb26d69154b1087ecd7b91203c4854f97c5cdbdcb6bae3
dotnet-hostfxr-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: 551cb2b81364ad0ec217607444be6ad23217c8c5543aa99de326bd95827ddbb5
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: c305dd2d134cd77eb00195ac7cabce7ef24d20b98593d81cb65507c5a165b080
dotnet-runtime-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: 033747731e6132f3e88defaec54bc13ad194c6f4fd454b2042d1edfae5a00e20
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: a4a77cc85592b967ba03534e52e93656da6c441d2019b40c078a500033748947
dotnet-sdk-7.0-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 5ba8b28a49d42ff4106c79e4e19e9d7fce720517571147a7fb2b5b810b7fda4e
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 7479bfe945b8ef71510f1945d31922f0e8de91e70ad7ce440ab517a4e5ba0e5d
dotnet-targeting-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: b72ff7f9fe4715b929d89fa17bb53e845e09579ebaaa855ad15528f80846a380
dotnet-templates-7.0-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: d71907aed93f9f23874b954408c5a0c7ed7cfbf510a3fe5371d41d38300a7999
dotnet7.0-debuginfo-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 4da61dc2fc414540412930f3573bca0259f313d24fdc6456eccf47760c368b44
dotnet7.0-debugsource-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 7802b70ad1bb686c19260241d9160fa61f462a01b08065cfd6b8d56994031422

Red Hat Enterprise Linux for ARM 64 8

SRPM
dotnet7.0-7.0.114-1.el8_9.src.rpm	SHA-256: ba62f04c3af85134f57cc2726421a5709b1a0f271638aab2c7178c35353db700
aarch64
aspnetcore-runtime-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 1951cc59be78b4dd8806af53ac4d9d75b6217345bec34c375fe981133f856945
aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 9fb51d89529293193a36e98306c4bdb3ab1fd98940928294f8eb8026ee272e2c
dotnet-apphost-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 46b0ac6525a89cc4531b0a8197cbb97c093e39fa4ac133c20f8108a72ff9e17d
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 8dabb5dd54dda60e3ace2d4b723ca0235a9c13450fbd6b49ac1881dcdcb2a452
dotnet-hostfxr-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 98bec97ad906c9cc6e98c7b9fb13228fa12fc9ebcf6e7b18fce5215feb5f4934
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: bc28def40313d3a3723e2ce3f68756b0c489c5172581b5cb972c8753729b04c5
dotnet-runtime-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 23a9e08891689b37183638328c20c575effdaf4c423514c52a6d4e73f6c04bea
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 6033de897f09eaf6cff71086b87b98209180de4dcc3b01f1ae55f764f1b1c3b8
dotnet-sdk-7.0-7.0.114-1.el8_9.aarch64.rpm	SHA-256: 25d55f9de15747072821325e52461d4a2ca44e08d0e6ae77f16ad97e85672795
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.aarch64.rpm	SHA-256: f3d4064609a6619de10a6714e184a4aba2916d335fc189d3608f8a4211ff5569
dotnet-targeting-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	SHA-256: fb2ec78cc054292b9805ca5a5b721fc183b3b3a100573bea90f71286e2887591
dotnet-templates-7.0-7.0.114-1.el8_9.aarch64.rpm	SHA-256: d76e06d97747ae7d8f813b51fe9eab0a25ae9d83f6d01416104016a55cf212d3
dotnet7.0-debuginfo-7.0.114-1.el8_9.aarch64.rpm	SHA-256: 199a22295fedfac9e534a47091c3c4a670f00f4b3e8b57ac855e2392f420f236
dotnet7.0-debugsource-7.0.114-1.el8_9.aarch64.rpm	SHA-256: 4e0c188f08b465d83e53bcaa2e73ab9e1c3ef636f7dee5ef1508ea00cdaf2271

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 170860b91d00c87984a530f3e971e79b0646319b725186002dd2d71eb14f00d7
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: 8b7169fd0d35762d9b939cbe1aacc8db05ae7f1d1a1bf40462c30817a93ab858
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.x86_64.rpm	SHA-256: add8488700f2f517c66554da9907f69b77a5acc49c8cef30ca6e0f7451ca1d30
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.x86_64.rpm	SHA-256: 6288e8b0c5141f872c9f59c1eca23730f347ae772bc7dc22a6ab1c40ebaf3cb3
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.x86_64.rpm	SHA-256: 8208a7dd038115b98e1f82f1098829f1e8a2c985d943dc8039b7eb428a807877
dotnet7.0-debuginfo-7.0.114-1.el8_9.x86_64.rpm	SHA-256: c735a8fb7ed06f02e2de6c844750218d125b3e099c932f8e5da0cdf0415e1125
dotnet7.0-debugsource-7.0.114-1.el8_9.x86_64.rpm	SHA-256: fd01248de1904e9144c8af52b7e52b6fc497734604843e74be4a0d032b2b1324

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: 7d656c5d305ce8a24abb26d69154b1087ecd7b91203c4854f97c5cdbdcb6bae3
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: c305dd2d134cd77eb00195ac7cabce7ef24d20b98593d81cb65507c5a165b080
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.ppc64le.rpm	SHA-256: a4a77cc85592b967ba03534e52e93656da6c441d2019b40c078a500033748947
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 7479bfe945b8ef71510f1945d31922f0e8de91e70ad7ce440ab517a4e5ba0e5d
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: d10242de20d3e68ddf29607a76cf92808094d15917293e06703425d47836c723
dotnet7.0-debuginfo-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 4da61dc2fc414540412930f3573bca0259f313d24fdc6456eccf47760c368b44
dotnet7.0-debugsource-7.0.114-1.el8_9.ppc64le.rpm	SHA-256: 7802b70ad1bb686c19260241d9160fa61f462a01b08065cfd6b8d56994031422

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 8dabb5dd54dda60e3ace2d4b723ca0235a9c13450fbd6b49ac1881dcdcb2a452
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: bc28def40313d3a3723e2ce3f68756b0c489c5172581b5cb972c8753729b04c5
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.aarch64.rpm	SHA-256: 6033de897f09eaf6cff71086b87b98209180de4dcc3b01f1ae55f764f1b1c3b8
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.aarch64.rpm	SHA-256: f3d4064609a6619de10a6714e184a4aba2916d335fc189d3608f8a4211ff5569
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.aarch64.rpm	SHA-256: d565e3dab2ddd2a046ee49b950164529b26c549dd3c42512122327042ef11c09
dotnet7.0-debuginfo-7.0.114-1.el8_9.aarch64.rpm	SHA-256: 199a22295fedfac9e534a47091c3c4a670f00f4b3e8b57ac855e2392f420f236
dotnet7.0-debugsource-7.0.114-1.el8_9.aarch64.rpm	SHA-256: 4e0c188f08b465d83e53bcaa2e73ab9e1c3ef636f7dee5ef1508ea00cdaf2271

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
dotnet-apphost-pack-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: b6dc572ee263fcafa59a6d4a71507e941ff900815a271ef6c760c718029a6461
dotnet-hostfxr-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: ba42f622c9925eb4ccde49815b9f0db0c35e4066c6cdc42eefb082ca66ca4b16
dotnet-runtime-7.0-debuginfo-7.0.14-1.el8_9.s390x.rpm	SHA-256: c7ec1e8c1763b30dba61a82289ebd64cc17322365ddf7944afdb2d5642f07520
dotnet-sdk-7.0-debuginfo-7.0.114-1.el8_9.s390x.rpm	SHA-256: 33fbda0d28df4ce8957f8400a9175fafdac489b1d9bc5df2181281be423759a7
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.s390x.rpm	SHA-256: c0eaec7ee17718afed3793a027f22b44155a090c00a569f51a0969b1c6c6240e
dotnet7.0-debuginfo-7.0.114-1.el8_9.s390x.rpm	SHA-256: 4126ee25791dc08763e7d428727e8d118b2ebaae413f3594bc475ce94416b86c
dotnet7.0-debugsource-7.0.114-1.el8_9.s390x.rpm	SHA-256: f1f55ab9f144f22dd07e1ba11659f933267cabd90d82b347e3d837652616def6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation