drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in .NET
Name: |
Denial of Service in .NET |
|
ID: |
USN-6693-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 22.04 LTS, Ubuntu 23.10 |
|
Datum: |
Di, 12. März 2024, 21:35 |
|
Referenzen: |
https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~22.04.1
https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~22.04.1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21392
https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~23.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~23.10.1 |
|
Applikationen: |
.NET |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2607552596577522702== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------QK3KVyhAC0DH7wkOFc7ic8d1"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------QK3KVyhAC0DH7wkOFc7ic8d1 Content-Type: multipart/mixed; boundary="------------xjBmrIvl0vJTOPzQuYUp9Br1"; protected-headers="v1" From: Ian Constantin <ian.constantin@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <ccd36979-0496-4ecf-98f1-755784e38e64@canonical.com> Subject: [USN-6693-1] .NET vulnerability
--------------xjBmrIvl0vJTOPzQuYUp9Br1 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6693-1 March 12, 2024
dotnet7, dotnet8 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10 - Ubuntu 22.04 LTS
Summary:
.NET could be made to crash if it processed specially crafted requests.
Software Description: - dotnet7: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime
Details:
It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-7.0 7.0.117-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.3-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.117-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.3-0ubuntu1~23.10.1 dotnet7 7.0.117-0ubuntu1~23.10.1 dotnet8 8.0.103-8.0.3-0ubuntu1~23.10.1
Ubuntu 22.04 LTS: aspnetcore-runtime-7.0 7.0.117-0ubuntu1~22.04.1 aspnetcore-runtime-8.0 8.0.3-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.117-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.3-0ubuntu1~22.04.1 dotnet7 7.0.117-0ubuntu1~22.04.1 dotnet8 8.0.103-8.0.3-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6693-1 CVE-2024-21392
Package Information: https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.117-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.103-8.0.3-0ubuntu1~22.04.1 --------------xjBmrIvl0vJTOPzQuYUp9Br1--
--------------QK3KVyhAC0DH7wkOFc7ic8d1 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmXwqywFAwAAAAAACgkQa1+PL+d1/Eiy CQwAl4GH/qUqjbHc3c7Dza6f57UmfaLmsGSaOaOdpygp12n4CrSM1Uw8yJxemk0F6ddSCv26E7wg HrbQuM+rwKyroxthkI0CyoSxQ1Es3OtjSTY6ufcJOgrK77/9Dl+rvxZsxhY0uzDeisas6RUGzGkP p2b4xkcOHumnlQMJiV1M7M9v0oGM+GrPwbB2aGeLsTwRhs5fOme6V8sqsA4ATP5icBc0Vej0/LN0 RRXMLGUvZL52RTYiXhtMuGJYJyNidt9K+rmrYcR3iz+eKxO7n2r1jLy60YmNyZlZCa3/9M6brliO sGX6WBLxB4sXYXqPUajfPZInFLjJdckPZmoLv/qrPEYbLVHWftgMh4vV+7cNT8WfLq5EUCyOsX2V Nb9hXqSa5fUMaAGSfmWJtQ7jMvEnFU2+6mjrW1K8Ck7PnyJvQ6dOehLP9bignuDMkc6hhAMzwHvF sru0axrEJHst95zCSi+a19Ul/HMO2RcLzF/CFAZ53tFgnd1LfVT8z7DfLPsX =Csky -----END PGP SIGNATURE-----
--------------QK3KVyhAC0DH7wkOFc7ic8d1--
--===============2607552596577522702== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============2607552596577522702==--
|
|
|
|