(RHSA-2024:2842) Important: .NET 8.0 security update

2024-05-1418:49:36

access.redhat.com

.net framework

security update

stack buffer overrun

denial of service

cve page

asp.net core

security vulnerability

6.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.6%

JSON

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.

Security Fix(es):

dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9s390xdotnet-sdk-8.0-source-built-artifacts< 8.0.105-1.el9_4dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el9_4.s390x.rpm
RedHat9ppc64leaspnetcore-targeting-pack-8.0< 8.0.5-1.el9_4aspnetcore-targeting-pack-8.0-8.0.5-1.el9_4.ppc64le.rpm
RedHat9x86_64dotnet8.0-debugsource< 8.0.105-1.el9_4dotnet8.0-debugsource-8.0.105-1.el9_4.x86_64.rpm
RedHat9ppc64ledotnet-apphost-pack-8.0< 8.0.5-1.el9_4dotnet-apphost-pack-8.0-8.0.5-1.el9_4.ppc64le.rpm
RedHat9s390xdotnet-hostfxr-8.0-debuginfo< 8.0.5-1.el9_4dotnet-hostfxr-8.0-debuginfo-8.0.5-1.el9_4.s390x.rpm
RedHat9x86_64dotnet-apphost-pack-8.0< 8.0.5-1.el9_4dotnet-apphost-pack-8.0-8.0.5-1.el9_4.x86_64.rpm
RedHat9s390xdotnet-hostfxr-8.0< 8.0.5-1.el9_4dotnet-hostfxr-8.0-8.0.5-1.el9_4.s390x.rpm
RedHat9x86_64netstandard-targeting-pack-2.1< 8.0.105-1.el9_4netstandard-targeting-pack-2.1-8.0.105-1.el9_4.x86_64.rpm
RedHat9ppc64ledotnet-sdk-8.0-source-built-artifacts< 8.0.105-1.el9_4dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el9_4.ppc64le.rpm
RedHat9x86_64dotnet-sdk-8.0-debuginfo< 8.0.105-1.el9_4dotnet-sdk-8.0-debuginfo-8.0.105-1.el9_4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	s390x	dotnet-sdk-8.0-source-built-artifacts	< 8.0.105-1.el9_4	dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el9_4.s390x.rpm
RedHat	9	ppc64le	aspnetcore-targeting-pack-8.0	< 8.0.5-1.el9_4	aspnetcore-targeting-pack-8.0-8.0.5-1.el9_4.ppc64le.rpm
RedHat	9	x86_64	dotnet8.0-debugsource	< 8.0.105-1.el9_4	dotnet8.0-debugsource-8.0.105-1.el9_4.x86_64.rpm
RedHat	9	ppc64le	dotnet-apphost-pack-8.0	< 8.0.5-1.el9_4	dotnet-apphost-pack-8.0-8.0.5-1.el9_4.ppc64le.rpm
RedHat	9	s390x	dotnet-hostfxr-8.0-debuginfo	< 8.0.5-1.el9_4	dotnet-hostfxr-8.0-debuginfo-8.0.5-1.el9_4.s390x.rpm
RedHat	9	x86_64	dotnet-apphost-pack-8.0	< 8.0.5-1.el9_4	dotnet-apphost-pack-8.0-8.0.5-1.el9_4.x86_64.rpm
RedHat	9	s390x	dotnet-hostfxr-8.0	< 8.0.5-1.el9_4	dotnet-hostfxr-8.0-8.0.5-1.el9_4.s390x.rpm
RedHat	9	x86_64	netstandard-targeting-pack-2.1	< 8.0.105-1.el9_4	netstandard-targeting-pack-2.1-8.0.105-1.el9_4.x86_64.rpm
RedHat	9	ppc64le	dotnet-sdk-8.0-source-built-artifacts	< 8.0.105-1.el9_4	dotnet-sdk-8.0-source-built-artifacts-8.0.105-1.el9_4.ppc64le.rpm
RedHat	9	x86_64	dotnet-sdk-8.0-debuginfo	< 8.0.105-1.el9_4	dotnet-sdk-8.0-debuginfo-8.0.105-1.el9_4.x86_64.rpm