Red Hat Product Errata RHSA-2024:0255 - Security Advisory
Issued:
2024-01-15
Updated:
2024-01-15

RHSA-2024:0255 - Security Advisory

Synopsis

Important: .NET 6.0 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.126). (BZ#2255300)

Security Fix(es):

  • dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
  • dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
  • dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • dotNET on RHEL (for RHEL Server) 1 x86_64
  • dotNET on RHEL (for RHEL Workstation) 1 x86_64
  • dotNET on RHEL (for RHEL Compute Node) 1 x86_64

Fixes

  • BZ - 2255384 - CVE-2024-0056 dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)
  • BZ - 2255386 - CVE-2024-0057 dotnet: X509 Certificates - Validation Bypass across Azure
  • BZ - 2257566 - CVE-2024-21319 dotnet: .NET Denial of Service Vulnerability

dotNET on RHEL (for RHEL Server) 1

SRPM
rh-dotnet60-dotnet-6.0.126-1.el7_9.src.rpm SHA-256: d4d93a685dabff31fa8159e871f4f365b9ee81a8d1da93b2074b20524559f82e
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: e9b5d9c10699045cf0d2e413f51dca88b0efb034071ead0dbf52b7a0d0c2683e
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6f46a6c793e4d7d21e4ac39a1a1478d1546927a6241e2e9e20a5f84f148770eb
rh-dotnet60-dotnet-6.0.126-1.el7_9.x86_64.rpm SHA-256: 82fd6cbaff1510b0f97af11ea2c793318b39e864159cd50dd41784180f8ebfdb
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 025496dfc7a365b9f4334b384e84dc7f04bf6453641577f6e6331ea49e7f01cc
rh-dotnet60-dotnet-debuginfo-6.0.126-1.el7_9.x86_64.rpm SHA-256: 585fa0bea2d4826dffaf0c52160f2fab0fcfa45ef9e0e129ce9c301c6a20d1be
rh-dotnet60-dotnet-host-6.0.26-1.el7_9.x86_64.rpm SHA-256: a4ba92a76df387ea804a8d59eb64443308bf047d1f75d2255cb3306eebe66dbd
rh-dotnet60-dotnet-hostfxr-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: b8bdfa708463f5f9332049decc238ef686a1767aeb5cff4bb3dc862f13526b5b
rh-dotnet60-dotnet-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6ca1a3ef648d829b1602bef21d958948ee2c495ea0eb5db6723e844d7d4aaa88
rh-dotnet60-dotnet-sdk-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: ed96b668cf78a9a22f9277ff3fdf2c11157b7db6d008685231d03be94c5783c8
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.126-1.el7_9.x86_64.rpm SHA-256: 0ff6ec2aa49081cf215352090834bbb09136cdd73a652d574ce5785da1111818
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 8239e7790e4a259e6b21622f7f06a5d493192696a5f7c56dfdb7f25f84a25de4
rh-dotnet60-dotnet-templates-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: 26847bc077f073afce53aa99ca4b4642b65e5b8ad9a8db08c2f3d0de83586939
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.126-1.el7_9.x86_64.rpm SHA-256: dfb6189c5b22f5916368ad6c8ea77e9f4773526002efbe6823409aa18b700a68

dotNET on RHEL (for RHEL Workstation) 1

SRPM
rh-dotnet60-dotnet-6.0.126-1.el7_9.src.rpm SHA-256: d4d93a685dabff31fa8159e871f4f365b9ee81a8d1da93b2074b20524559f82e
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: e9b5d9c10699045cf0d2e413f51dca88b0efb034071ead0dbf52b7a0d0c2683e
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6f46a6c793e4d7d21e4ac39a1a1478d1546927a6241e2e9e20a5f84f148770eb
rh-dotnet60-dotnet-6.0.126-1.el7_9.x86_64.rpm SHA-256: 82fd6cbaff1510b0f97af11ea2c793318b39e864159cd50dd41784180f8ebfdb
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 025496dfc7a365b9f4334b384e84dc7f04bf6453641577f6e6331ea49e7f01cc
rh-dotnet60-dotnet-debuginfo-6.0.126-1.el7_9.x86_64.rpm SHA-256: 585fa0bea2d4826dffaf0c52160f2fab0fcfa45ef9e0e129ce9c301c6a20d1be
rh-dotnet60-dotnet-host-6.0.26-1.el7_9.x86_64.rpm SHA-256: a4ba92a76df387ea804a8d59eb64443308bf047d1f75d2255cb3306eebe66dbd
rh-dotnet60-dotnet-hostfxr-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: b8bdfa708463f5f9332049decc238ef686a1767aeb5cff4bb3dc862f13526b5b
rh-dotnet60-dotnet-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6ca1a3ef648d829b1602bef21d958948ee2c495ea0eb5db6723e844d7d4aaa88
rh-dotnet60-dotnet-sdk-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: ed96b668cf78a9a22f9277ff3fdf2c11157b7db6d008685231d03be94c5783c8
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.126-1.el7_9.x86_64.rpm SHA-256: 0ff6ec2aa49081cf215352090834bbb09136cdd73a652d574ce5785da1111818
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 8239e7790e4a259e6b21622f7f06a5d493192696a5f7c56dfdb7f25f84a25de4
rh-dotnet60-dotnet-templates-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: 26847bc077f073afce53aa99ca4b4642b65e5b8ad9a8db08c2f3d0de83586939
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.126-1.el7_9.x86_64.rpm SHA-256: dfb6189c5b22f5916368ad6c8ea77e9f4773526002efbe6823409aa18b700a68

dotNET on RHEL (for RHEL Compute Node) 1

SRPM
rh-dotnet60-dotnet-6.0.126-1.el7_9.src.rpm SHA-256: d4d93a685dabff31fa8159e871f4f365b9ee81a8d1da93b2074b20524559f82e
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: e9b5d9c10699045cf0d2e413f51dca88b0efb034071ead0dbf52b7a0d0c2683e
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6f46a6c793e4d7d21e4ac39a1a1478d1546927a6241e2e9e20a5f84f148770eb
rh-dotnet60-dotnet-6.0.126-1.el7_9.x86_64.rpm SHA-256: 82fd6cbaff1510b0f97af11ea2c793318b39e864159cd50dd41784180f8ebfdb
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 025496dfc7a365b9f4334b384e84dc7f04bf6453641577f6e6331ea49e7f01cc
rh-dotnet60-dotnet-debuginfo-6.0.126-1.el7_9.x86_64.rpm SHA-256: 585fa0bea2d4826dffaf0c52160f2fab0fcfa45ef9e0e129ce9c301c6a20d1be
rh-dotnet60-dotnet-host-6.0.26-1.el7_9.x86_64.rpm SHA-256: a4ba92a76df387ea804a8d59eb64443308bf047d1f75d2255cb3306eebe66dbd
rh-dotnet60-dotnet-hostfxr-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: b8bdfa708463f5f9332049decc238ef686a1767aeb5cff4bb3dc862f13526b5b
rh-dotnet60-dotnet-runtime-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 6ca1a3ef648d829b1602bef21d958948ee2c495ea0eb5db6723e844d7d4aaa88
rh-dotnet60-dotnet-sdk-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: ed96b668cf78a9a22f9277ff3fdf2c11157b7db6d008685231d03be94c5783c8
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.126-1.el7_9.x86_64.rpm SHA-256: 0ff6ec2aa49081cf215352090834bbb09136cdd73a652d574ce5785da1111818
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.26-1.el7_9.x86_64.rpm SHA-256: 8239e7790e4a259e6b21622f7f06a5d493192696a5f7c56dfdb7f25f84a25de4
rh-dotnet60-dotnet-templates-6.0-6.0.126-1.el7_9.x86_64.rpm SHA-256: 26847bc077f073afce53aa99ca4b4642b65e5b8ad9a8db08c2f3d0de83586939
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.126-1.el7_9.x86_64.rpm SHA-256: dfb6189c5b22f5916368ad6c8ea77e9f4773526002efbe6823409aa18b700a68

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.