Red Hat Product Errata RHSA-2023:7259 - Security Advisory
Issued:
2023-11-15
Updated:
2023-11-15

RHSA-2023:7259 - Security Advisory

Synopsis

Moderate: .NET 6.0 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.125). (BZ#2247677)

Security Fix(es):

  • dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
  • dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2247750 - CVE-2023-36558 dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms
  • BZ - 2248883 - CVE-2023-36049 dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet60-dotnet-6.0.125-1.el7_9.src.rpm SHA-256: fa1a010c41ca6de63a520bfb42990c0d6476c33ad10676b513d9ced9be2ed074
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 0ec1d884308c895c19404d95aed69c60067d6959d08861d19afd74bee5eec758
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: d2d905e18120ec10027b8df828103aef106e42751761c52e9a09b473e2f68e9c
rh-dotnet60-dotnet-6.0.125-1.el7_9.x86_64.rpm SHA-256: 5e5101900cf4b9065f8a75c60619d280c4fb31a3a8606ec881d6b84ba8047d10
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 6d66344c51193d9bfd34c5e700e5f316d2c09bb186d292993c8df581a9e4303e
rh-dotnet60-dotnet-debuginfo-6.0.125-1.el7_9.x86_64.rpm SHA-256: 6d4e9cccc87267cef4270b86085ae8005b19839a004006f7a627a88081766350
rh-dotnet60-dotnet-host-6.0.25-1.el7_9.x86_64.rpm SHA-256: e5c2adde7d1d41ee9ff8deed40a16b20dda941543de8d8b936c011f312092ada
rh-dotnet60-dotnet-hostfxr-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: b24be648adcf8acc54402be052b662f27decda21e2fec0a926efdb435417e315
rh-dotnet60-dotnet-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 00a30fabd5067e50c96a4239682816a6b99aa1a617b58fa7255f96b530eaf008
rh-dotnet60-dotnet-sdk-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: 3b219c45294b4cc1a39873f989dd8a14064e706e305293db550b7f06fef98c73
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el7_9.x86_64.rpm SHA-256: 4fecb4065f8c3ebaa518efea9b453deff00db06297f2118dbe3ddc1ceaa25dea
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 2bb7023e92917a4e6eb2bc03d8693c4dac572b37ab766784a0da89b26d8ce1ee
rh-dotnet60-dotnet-templates-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: e0968dd481e449a2823ef100b6d8b8b551726767ee43d5005c1dc05debac12e5
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.125-1.el7_9.x86_64.rpm SHA-256: a396b432ec83f1a4c36df29fee4632ec4549e0d076c722720db92813c17b3456

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet60-dotnet-6.0.125-1.el7_9.src.rpm SHA-256: fa1a010c41ca6de63a520bfb42990c0d6476c33ad10676b513d9ced9be2ed074
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 0ec1d884308c895c19404d95aed69c60067d6959d08861d19afd74bee5eec758
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: d2d905e18120ec10027b8df828103aef106e42751761c52e9a09b473e2f68e9c
rh-dotnet60-dotnet-6.0.125-1.el7_9.x86_64.rpm SHA-256: 5e5101900cf4b9065f8a75c60619d280c4fb31a3a8606ec881d6b84ba8047d10
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 6d66344c51193d9bfd34c5e700e5f316d2c09bb186d292993c8df581a9e4303e
rh-dotnet60-dotnet-debuginfo-6.0.125-1.el7_9.x86_64.rpm SHA-256: 6d4e9cccc87267cef4270b86085ae8005b19839a004006f7a627a88081766350
rh-dotnet60-dotnet-host-6.0.25-1.el7_9.x86_64.rpm SHA-256: e5c2adde7d1d41ee9ff8deed40a16b20dda941543de8d8b936c011f312092ada
rh-dotnet60-dotnet-hostfxr-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: b24be648adcf8acc54402be052b662f27decda21e2fec0a926efdb435417e315
rh-dotnet60-dotnet-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 00a30fabd5067e50c96a4239682816a6b99aa1a617b58fa7255f96b530eaf008
rh-dotnet60-dotnet-sdk-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: 3b219c45294b4cc1a39873f989dd8a14064e706e305293db550b7f06fef98c73
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el7_9.x86_64.rpm SHA-256: 4fecb4065f8c3ebaa518efea9b453deff00db06297f2118dbe3ddc1ceaa25dea
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 2bb7023e92917a4e6eb2bc03d8693c4dac572b37ab766784a0da89b26d8ce1ee
rh-dotnet60-dotnet-templates-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: e0968dd481e449a2823ef100b6d8b8b551726767ee43d5005c1dc05debac12e5
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.125-1.el7_9.x86_64.rpm SHA-256: a396b432ec83f1a4c36df29fee4632ec4549e0d076c722720db92813c17b3456

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet60-dotnet-6.0.125-1.el7_9.src.rpm SHA-256: fa1a010c41ca6de63a520bfb42990c0d6476c33ad10676b513d9ced9be2ed074
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 0ec1d884308c895c19404d95aed69c60067d6959d08861d19afd74bee5eec758
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: d2d905e18120ec10027b8df828103aef106e42751761c52e9a09b473e2f68e9c
rh-dotnet60-dotnet-6.0.125-1.el7_9.x86_64.rpm SHA-256: 5e5101900cf4b9065f8a75c60619d280c4fb31a3a8606ec881d6b84ba8047d10
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 6d66344c51193d9bfd34c5e700e5f316d2c09bb186d292993c8df581a9e4303e
rh-dotnet60-dotnet-debuginfo-6.0.125-1.el7_9.x86_64.rpm SHA-256: 6d4e9cccc87267cef4270b86085ae8005b19839a004006f7a627a88081766350
rh-dotnet60-dotnet-host-6.0.25-1.el7_9.x86_64.rpm SHA-256: e5c2adde7d1d41ee9ff8deed40a16b20dda941543de8d8b936c011f312092ada
rh-dotnet60-dotnet-hostfxr-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: b24be648adcf8acc54402be052b662f27decda21e2fec0a926efdb435417e315
rh-dotnet60-dotnet-runtime-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 00a30fabd5067e50c96a4239682816a6b99aa1a617b58fa7255f96b530eaf008
rh-dotnet60-dotnet-sdk-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: 3b219c45294b4cc1a39873f989dd8a14064e706e305293db550b7f06fef98c73
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el7_9.x86_64.rpm SHA-256: 4fecb4065f8c3ebaa518efea9b453deff00db06297f2118dbe3ddc1ceaa25dea
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.25-1.el7_9.x86_64.rpm SHA-256: 2bb7023e92917a4e6eb2bc03d8693c4dac572b37ab766784a0da89b26d8ce1ee
rh-dotnet60-dotnet-templates-6.0-6.0.125-1.el7_9.x86_64.rpm SHA-256: e0968dd481e449a2823ef100b6d8b8b551726767ee43d5005c1dc05debac12e5
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.125-1.el7_9.x86_64.rpm SHA-256: a396b432ec83f1a4c36df29fee4632ec4549e0d076c722720db92813c17b3456

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.