(RHSA-2024:1311) Moderate: .NET 8.0 security update

2024-03-1311:46:45

access.redhat.com

.net framework

security update

cve-2024-21392

managed-software framework

security vulnerability

clr implementation

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.6%

JSON

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.

Security Fix(es):

dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64dotnet-targeting-pack-8.0< 8.0.3-1.el8_9dotnet-targeting-pack-8.0-8.0.3-1.el8_9.aarch64.rpm
RedHat8s390xdotnet-sdk-dbg-8.0< 8.0.103-1.el8_9dotnet-sdk-dbg-8.0-8.0.103-1.el8_9.s390x.rpm
RedHat8x86_64dotnet-apphost-pack-8.0-debuginfo< 8.0.3-1.el8_9dotnet-apphost-pack-8.0-debuginfo-8.0.3-1.el8_9.x86_64.rpm
RedHat8x86_64dotnet-apphost-pack-8.0< 8.0.3-1.el8_9dotnet-apphost-pack-8.0-8.0.3-1.el8_9.x86_64.rpm
RedHat8ppc64ledotnet-host-debuginfo< 8.0.3-1.el8_9dotnet-host-debuginfo-8.0.3-1.el8_9.ppc64le.rpm
RedHat8x86_64dotnet-sdk-8.0-debuginfo< 8.0.103-1.el8_9dotnet-sdk-8.0-debuginfo-8.0.103-1.el8_9.x86_64.rpm
RedHat8ppc64ledotnet-hostfxr-8.0< 8.0.3-1.el8_9dotnet-hostfxr-8.0-8.0.3-1.el8_9.ppc64le.rpm
RedHat8ppc64ledotnet< 8.0.103-1.el8_9dotnet-8.0.103-1.el8_9.ppc64le.rpm
RedHat8s390xaspnetcore-targeting-pack-8.0< 8.0.3-1.el8_9aspnetcore-targeting-pack-8.0-8.0.3-1.el8_9.s390x.rpm
RedHat8x86_64dotnet-host< 8.0.3-1.el8_9dotnet-host-8.0.3-1.el8_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	dotnet-targeting-pack-8.0	< 8.0.3-1.el8_9	dotnet-targeting-pack-8.0-8.0.3-1.el8_9.aarch64.rpm
RedHat	8	s390x	dotnet-sdk-dbg-8.0	< 8.0.103-1.el8_9	dotnet-sdk-dbg-8.0-8.0.103-1.el8_9.s390x.rpm
RedHat	8	x86_64	dotnet-apphost-pack-8.0-debuginfo	< 8.0.3-1.el8_9	dotnet-apphost-pack-8.0-debuginfo-8.0.3-1.el8_9.x86_64.rpm
RedHat	8	x86_64	dotnet-apphost-pack-8.0	< 8.0.3-1.el8_9	dotnet-apphost-pack-8.0-8.0.3-1.el8_9.x86_64.rpm
RedHat	8	ppc64le	dotnet-host-debuginfo	< 8.0.3-1.el8_9	dotnet-host-debuginfo-8.0.3-1.el8_9.ppc64le.rpm
RedHat	8	x86_64	dotnet-sdk-8.0-debuginfo	< 8.0.103-1.el8_9	dotnet-sdk-8.0-debuginfo-8.0.103-1.el8_9.x86_64.rpm
RedHat	8	ppc64le	dotnet-hostfxr-8.0	< 8.0.3-1.el8_9	dotnet-hostfxr-8.0-8.0.3-1.el8_9.ppc64le.rpm
RedHat	8	ppc64le	dotnet	< 8.0.103-1.el8_9	dotnet-8.0.103-1.el8_9.ppc64le.rpm
RedHat	8	s390x	aspnetcore-targeting-pack-8.0	< 8.0.3-1.el8_9	aspnetcore-targeting-pack-8.0-8.0.3-1.el8_9.s390x.rpm
RedHat	8	x86_64	dotnet-host	< 8.0.3-1.el8_9	dotnet-host-8.0.3-1.el8_9.x86_64.rpm