Red Hat Product Errata RHSA-2024:8082 - Security Advisory
Issued:
2024-10-14
Updated:
2024-10-14

RHSA-2024:8082 - Security Advisory

Synopsis

Important: .NET 6.0 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, and Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.1.35.

Security Fix(es):

  • dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
  • dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
  • dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

  • dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
  • dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
  • dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2315729 - CVE-2024-43484 dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList
  • BZ - 2315730 - CVE-2024-43483 dotnet: Multiple .NET components susceptible to hash flooding
  • BZ - 2315731 - CVE-2024-43485 dotnet: Denial of Service in System.Text.Json

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
dotnet6.0-6.0.135-1.el8_6.src.rpm SHA-256: 08b5f96b656c7cb88f8c40ceb19b3de11d8e041e15ab9bab5e33c173e3f5a946
x86_64
aspnetcore-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 73a000dfe569a23aed8c9f7ce80ecb6ad9be79ab04fd41c888275225e537fa85
aspnetcore-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 823053cf296725539b645afa5f13b6975769ffec6fd8fcf02c7aa2992f717901
dotnet-6.0.135-1.el8_6.x86_64.rpm SHA-256: 60a8a9792b78f669664ec9e15e398aac7acc8a40613c917edbae8cebe027bd68
dotnet-apphost-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5792b4129b93c10e853bbf8535af333a69b788d8b851c6aaf858492af101f046
dotnet-apphost-pack-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: b457d9c13829977d5e66720bf39ce4e7f6a36c6c28b261157c372e3569e77c11
dotnet-host-6.0.35-1.el8_6.x86_64.rpm SHA-256: ccc07babb364f8735b00c74b9246a0f6d67d285ded40549890235f446b0b0180
dotnet-host-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 7001af5d3ade71fa430a457e1069fa01204d279274b6278b6fa97650fd2ed169
dotnet-hostfxr-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: e7a8cac1e939fe8bf6add86191460a4387e11173ffe31ea97c688d5fb9521cde
dotnet-hostfxr-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5b0165df6c5e50db61426a18dc0fecd2e570e64652f2e66dcaf1fa14d6b280b0
dotnet-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 40d2964852f993f1406bdcf8675fe8be4c58ee10dd895cdcea7f8c7f21426afc
dotnet-runtime-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 96c74af48e147f1a0cfc6b9729b30536f8187d771ccf11f329ca83101b2ad2ba
dotnet-sdk-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: ad827286988b87887a6ee6cb0a0e9ca99b50d1c02eb2048502eba4832d40741c
dotnet-sdk-6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: 1dec9ed2f80ebf6c970fec434626c3db1935fa67cd3eab1ebbeeccef2fdfdb62
dotnet-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: cfeaffb7f0d5d8f609e411437143bd4eb90f9c79a9312fda4f42985b38654e0d
dotnet-templates-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: e1427c94218d49a49ca48e418d5ff88813ca99473b66f3d1f85b4a753dca35fc
dotnet6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: ebcbe059090ce669be1d7728433a835ecb8cf3d0db5712c48db62bc03a56725d
dotnet6.0-debugsource-6.0.135-1.el8_6.x86_64.rpm SHA-256: f2be2934747b2175e3a0ff9c5293dfb57ecc32d1d206aded851322241532bb1c
netstandard-targeting-pack-2.1-6.0.135-1.el8_6.x86_64.rpm SHA-256: 21b63428f7e035d5330efdca3c82f7fa22eab46a2694b771323cce3459c78572

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
dotnet6.0-6.0.135-1.el8_6.src.rpm SHA-256: 08b5f96b656c7cb88f8c40ceb19b3de11d8e041e15ab9bab5e33c173e3f5a946
x86_64
aspnetcore-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 73a000dfe569a23aed8c9f7ce80ecb6ad9be79ab04fd41c888275225e537fa85
aspnetcore-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 823053cf296725539b645afa5f13b6975769ffec6fd8fcf02c7aa2992f717901
dotnet-6.0.135-1.el8_6.x86_64.rpm SHA-256: 60a8a9792b78f669664ec9e15e398aac7acc8a40613c917edbae8cebe027bd68
dotnet-apphost-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5792b4129b93c10e853bbf8535af333a69b788d8b851c6aaf858492af101f046
dotnet-apphost-pack-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: b457d9c13829977d5e66720bf39ce4e7f6a36c6c28b261157c372e3569e77c11
dotnet-host-6.0.35-1.el8_6.x86_64.rpm SHA-256: ccc07babb364f8735b00c74b9246a0f6d67d285ded40549890235f446b0b0180
dotnet-host-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 7001af5d3ade71fa430a457e1069fa01204d279274b6278b6fa97650fd2ed169
dotnet-hostfxr-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: e7a8cac1e939fe8bf6add86191460a4387e11173ffe31ea97c688d5fb9521cde
dotnet-hostfxr-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5b0165df6c5e50db61426a18dc0fecd2e570e64652f2e66dcaf1fa14d6b280b0
dotnet-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 40d2964852f993f1406bdcf8675fe8be4c58ee10dd895cdcea7f8c7f21426afc
dotnet-runtime-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 96c74af48e147f1a0cfc6b9729b30536f8187d771ccf11f329ca83101b2ad2ba
dotnet-sdk-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: ad827286988b87887a6ee6cb0a0e9ca99b50d1c02eb2048502eba4832d40741c
dotnet-sdk-6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: 1dec9ed2f80ebf6c970fec434626c3db1935fa67cd3eab1ebbeeccef2fdfdb62
dotnet-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: cfeaffb7f0d5d8f609e411437143bd4eb90f9c79a9312fda4f42985b38654e0d
dotnet-templates-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: e1427c94218d49a49ca48e418d5ff88813ca99473b66f3d1f85b4a753dca35fc
dotnet6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: ebcbe059090ce669be1d7728433a835ecb8cf3d0db5712c48db62bc03a56725d
dotnet6.0-debugsource-6.0.135-1.el8_6.x86_64.rpm SHA-256: f2be2934747b2175e3a0ff9c5293dfb57ecc32d1d206aded851322241532bb1c
netstandard-targeting-pack-2.1-6.0.135-1.el8_6.x86_64.rpm SHA-256: 21b63428f7e035d5330efdca3c82f7fa22eab46a2694b771323cce3459c78572

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
dotnet6.0-6.0.135-1.el8_6.src.rpm SHA-256: 08b5f96b656c7cb88f8c40ceb19b3de11d8e041e15ab9bab5e33c173e3f5a946
x86_64
aspnetcore-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 73a000dfe569a23aed8c9f7ce80ecb6ad9be79ab04fd41c888275225e537fa85
aspnetcore-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 823053cf296725539b645afa5f13b6975769ffec6fd8fcf02c7aa2992f717901
dotnet-6.0.135-1.el8_6.x86_64.rpm SHA-256: 60a8a9792b78f669664ec9e15e398aac7acc8a40613c917edbae8cebe027bd68
dotnet-apphost-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5792b4129b93c10e853bbf8535af333a69b788d8b851c6aaf858492af101f046
dotnet-apphost-pack-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: b457d9c13829977d5e66720bf39ce4e7f6a36c6c28b261157c372e3569e77c11
dotnet-host-6.0.35-1.el8_6.x86_64.rpm SHA-256: ccc07babb364f8735b00c74b9246a0f6d67d285ded40549890235f446b0b0180
dotnet-host-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 7001af5d3ade71fa430a457e1069fa01204d279274b6278b6fa97650fd2ed169
dotnet-hostfxr-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: e7a8cac1e939fe8bf6add86191460a4387e11173ffe31ea97c688d5fb9521cde
dotnet-hostfxr-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 5b0165df6c5e50db61426a18dc0fecd2e570e64652f2e66dcaf1fa14d6b280b0
dotnet-runtime-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: 40d2964852f993f1406bdcf8675fe8be4c58ee10dd895cdcea7f8c7f21426afc
dotnet-runtime-6.0-debuginfo-6.0.35-1.el8_6.x86_64.rpm SHA-256: 96c74af48e147f1a0cfc6b9729b30536f8187d771ccf11f329ca83101b2ad2ba
dotnet-sdk-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: ad827286988b87887a6ee6cb0a0e9ca99b50d1c02eb2048502eba4832d40741c
dotnet-sdk-6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: 1dec9ed2f80ebf6c970fec434626c3db1935fa67cd3eab1ebbeeccef2fdfdb62
dotnet-targeting-pack-6.0-6.0.35-1.el8_6.x86_64.rpm SHA-256: cfeaffb7f0d5d8f609e411437143bd4eb90f9c79a9312fda4f42985b38654e0d
dotnet-templates-6.0-6.0.135-1.el8_6.x86_64.rpm SHA-256: e1427c94218d49a49ca48e418d5ff88813ca99473b66f3d1f85b4a753dca35fc
dotnet6.0-debuginfo-6.0.135-1.el8_6.x86_64.rpm SHA-256: ebcbe059090ce669be1d7728433a835ecb8cf3d0db5712c48db62bc03a56725d
dotnet6.0-debugsource-6.0.135-1.el8_6.x86_64.rpm SHA-256: f2be2934747b2175e3a0ff9c5293dfb57ecc32d1d206aded851322241532bb1c
netstandard-targeting-pack-2.1-6.0.135-1.el8_6.x86_64.rpm SHA-256: 21b63428f7e035d5330efdca3c82f7fa22eab46a2694b771323cce3459c78572

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.