(RHSA-2020:3697) Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux

2020-09-0817:50:48

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.0%

JSON

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8.

Security Fix(es):

.NET Core: ASP.NET cookie prefix spoofing vulnerability (CVE-2020-1045)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64rh-dotnet31-aspnetcore-runtime-3.1< 3.1.8-1.el7rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-host< 3.1.8-1.el7rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-runtime-3.1< 3.1.8-1.el7rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-sdk-3.1< 3.1.108-1.el7rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-apphost-pack-3.1< 3.1.8-1.el7rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-hostfxr-3.1< 3.1.8-1.el7rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-debuginfo< 3.1.108-1.el7rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-dotnet-targeting-pack-3.1< 3.1.8-1.el7rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-netstandard-targeting-pack-2.1< 3.1.108-1.el7rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
RedHat7x86_64rh-dotnet31-aspnetcore-targeting-pack-3.1< 3.1.8-1.el7rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	rh-dotnet31-aspnetcore-runtime-3.1	< 3.1.8-1.el7	rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-host	< 3.1.8-1.el7	rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-runtime-3.1	< 3.1.8-1.el7	rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-sdk-3.1	< 3.1.108-1.el7	rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-apphost-pack-3.1	< 3.1.8-1.el7	rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-hostfxr-3.1	< 3.1.8-1.el7	rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-debuginfo	< 3.1.108-1.el7	rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-dotnet-targeting-pack-3.1	< 3.1.8-1.el7	rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-netstandard-targeting-pack-2.1	< 3.1.108-1.el7	rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
RedHat	7	x86_64	rh-dotnet31-aspnetcore-targeting-pack-3.1	< 3.1.8-1.el7	rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm