RHSA-2018:3676
Vulnerability from csaf_redhat - Published: 2018-11-27 04:31 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update
Severity
Moderate
Notes
Topic: An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core 2.1.5.
Security Fix(es):
* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)
For more information, please refer to the upstream docs in the References
section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2018:3676
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nA new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core 2.1.5.\n\nSecurity Fix(es):\n\n* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)\n\nFor more information, please refer to the upstream docs in the References\nsection.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3676",
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
},
{
"category": "external",
"summary": "1649693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649693"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3676.json"
}
],
"title": "Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update",
"tracking": {
"current_release_date": "2025-11-21T18:07:02+00:00",
"generator": {
"date": "2025-11-21T18:07:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:3676",
"initial_release_date": "2018-11-27T04:31:17+00:00",
"revision_history": [
{
"date": "2018-11-27T04:31:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-27T04:31:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1@2.1.500-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1.5xx@2.1.500-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.500-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-host@2.1.6-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-debuginfo@2.1.500-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-runtime-2.1@2.1.6-5.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"product_id": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.500-5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-8416",
"discovery_date": "2018-11-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1649693"
}
],
"notes": [
{
"category": "description",
"text": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Core: Arbitrary file and directory creation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-8416"
},
{
"category": "external",
"summary": "RHBZ#1649693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-8416",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8416"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
}
],
"release_date": "2018-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-27T04:31:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.6-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.500-5.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.500-5.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Core: Arbitrary file and directory creation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…