(RHSA-2019:0040) Moderate: .NET Core on Red Hat Enterprise Linux security update

2019-01-0908:33:36

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

87.9%

JSON

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now
available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

.NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
.NET Core: ANCM WebSocket DOS (CVE-2019-0548)
.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References
section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-dotnet22< 2.2-2.el7rh-dotnet22-2.2-2.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-runtime-2.2< 2.2.1-1.el7rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet< 2.1.503-1.el7rh-dotnet21-dotnet-2.1.503-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-sdk-2.2.1xx< 2.2.102-1.el7rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-debuginfo< 2.2.102-1.el7rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21< 2.1-6.el7rh-dotnet21-2.1-6.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-debuginfo< 2.1.503-1.el7rh-dotnet21-dotnet-debuginfo-2.1.503-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-host< 2.1.7-1.el7rh-dotnet21-dotnet-host-2.1.7-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet21-dotnet-sdk-2.1< 2.1.503-1.el7rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet22-dotnet-host< 2.2.1-1.el7rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-dotnet22	< 2.2-2.el7	rh-dotnet22-2.2-2.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-runtime-2.2	< 2.2.1-1.el7	rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet	< 2.1.503-1.el7	rh-dotnet21-dotnet-2.1.503-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-sdk-2.2.1xx	< 2.2.102-1.el7	rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-debuginfo	< 2.2.102-1.el7	rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21	< 2.1-6.el7	rh-dotnet21-2.1-6.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-debuginfo	< 2.1.503-1.el7	rh-dotnet21-dotnet-debuginfo-2.1.503-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-host	< 2.1.7-1.el7	rh-dotnet21-dotnet-host-2.1.7-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet21-dotnet-sdk-2.1	< 2.1.503-1.el7	rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet22-dotnet-host	< 2.2.1-1.el7	rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm