.NET 8.0 security update

2024-06-1414:00:35

Rockylinux Product Errata

errata.rockylinux.org

.net update

rocky linux 9

cve-2024-30045

cve-2024-30046

security vulnerability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.9%

JSON

An update is available for dotnet8.0.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.

Security Fix(es):

dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)
dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky9aarch64aspnetcore-runtime-8.0< 8.0.5-1.el9_4aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky9ppc64leaspnetcore-runtime-8.0< 8.0.5-1.el9_4aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.ppc64le.rpm
rocky9s390xaspnetcore-runtime-8.0< 8.0.5-1.el9_4aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.s390x.rpm
rocky9x86_64aspnetcore-runtime-8.0< 8.0.5-1.el9_4aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.x86_64.rpm
rocky9aarch64aspnetcore-runtime-dbg-8.0< 8.0.5-1.el9_4aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky9ppc64leaspnetcore-runtime-dbg-8.0< 8.0.5-1.el9_4aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.ppc64le.rpm
rocky9s390xaspnetcore-runtime-dbg-8.0< 8.0.5-1.el9_4aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.s390x.rpm
rocky9x86_64aspnetcore-runtime-dbg-8.0< 8.0.5-1.el9_4aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.x86_64.rpm
rocky9aarch64aspnetcore-targeting-pack-8.0< 8.0.5-1.el9_4aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky9ppc64leaspnetcore-targeting-pack-8.0< 8.0.5-1.el9_4aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	9	aarch64	aspnetcore-runtime-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky	9	ppc64le	aspnetcore-runtime-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.ppc64le.rpm
rocky	9	s390x	aspnetcore-runtime-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.s390x.rpm
rocky	9	x86_64	aspnetcore-runtime-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.x86_64.rpm
rocky	9	aarch64	aspnetcore-runtime-dbg-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky	9	ppc64le	aspnetcore-runtime-dbg-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.ppc64le.rpm
rocky	9	s390x	aspnetcore-runtime-dbg-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.s390x.rpm
rocky	9	x86_64	aspnetcore-runtime-dbg-8.0	< 8.0.5-1.el9_4	aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.x86_64.rpm
rocky	9	aarch64	aspnetcore-targeting-pack-8.0	< 8.0.5-1.el9_4	aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.aarch64.rpm
rocky	9	ppc64le	aspnetcore-targeting-pack-8.0	< 8.0.5-1.el9_4	aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.ppc64le.rpm