(RHSA-2017:3248) Low: .NET Core security update

2017-11-2011:02:54

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3.

Security Fix(es):

By providing an invalid culture, an attacker can cause a recursive lookup that leads to a denial of service when running on certain Windows platforms. (CVE-2017-8585)
Supplying a specially crafted certificate can cause an infinite X509Chain, resulting in a denial of service. (CVE-2017-11770)

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-dotnet20-dotnet-debuginfo< 2.0.3-4.el7rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm
RedHat7x86_64rh-dotnetcore10-dotnetcore< 1.0.8-1.el7rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet20-dotnet< 2.0.3-4.el7rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm
RedHat7x86_64rh-dotnet20-dotnet-host< 2.0.3-4.el7rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm
RedHat7x86_64rh-dotnetcore11-dotnetcore< 1.1.5-1.el7rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet20-dotnet-sdk-2.0< 2.0.3-4.el7rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
RedHat7x86_64rh-dotnet20-dotnet-runtime-2.0< 2.0.3-4.el7rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm
RedHat7x86_64rh-dotnetcore10-dotnetcore-debuginfo< 1.0.8-1.el7rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnetcore11-dotnetcore-debuginfo< 1.1.5-1.el7rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-dotnet20-dotnet-debuginfo	< 2.0.3-4.el7	rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnetcore10-dotnetcore	< 1.0.8-1.el7	rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet20-dotnet	< 2.0.3-4.el7	rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet20-dotnet-host	< 2.0.3-4.el7	rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnetcore11-dotnetcore	< 1.1.5-1.el7	rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet20-dotnet-sdk-2.0	< 2.0.3-4.el7	rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet20-dotnet-runtime-2.0	< 2.0.3-4.el7	rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnetcore10-dotnetcore-debuginfo	< 1.0.8-1.el7	rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnetcore11-dotnetcore-debuginfo	< 1.1.5-1.el7	rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm