rhsa-2024_0255
Vulnerability from csaf_redhat
Published
2024-01-15 16:01
Modified
2024-11-06 04:43
Summary
Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
Notes
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.
The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.126). (BZ#2255300)
Security Fix(es):
* dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.\n\nThe following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.126). (BZ#2255300)\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0255", "url": "https://access.redhat.com/errata/RHSA-2024:0255" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2255384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255384" }, { "category": "external", "summary": "2255386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255386" }, { "category": "external", "summary": "2257566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257566" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0255.json" } ], "title": "Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-06T04:43:25+00:00", "generator": { "date": "2024-11-06T04:43:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:0255", "initial_release_date": "2024-01-15T16:01:35+00:00", "revision_history": [ { "date": "2024-01-15T16:01:35+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-01-15T16:01:35+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T04:43:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", 
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:6.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-runtime-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-aspnetcore-targeting-pack-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.126-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-apphost-pack-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-host@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-hostfxr-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-runtime-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0@6.0.126-1.el7_9?arch=x86_64" } } }, { "category": 
"product_version", "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts@6.0.126-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-targeting-pack-6.0@6.0.26-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet-templates-6.0@6.0.126-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-netstandard-targeting-pack-2.1@6.0.126-1.el7_9?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "product": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "product_id": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/rh-dotnet60-dotnet-debuginfo@6.0.126-1.el7_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "product": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "product_id": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet60-dotnet@6.0.126-1.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 
7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 
7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Server-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 
7)", "product_id": "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" }, "product_reference": "rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "relates_to_product_reference": "7Workstation-dotNET-6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-0056", "cwe": { "id": "CWE-420", "name": "Unprotected Alternate Channel" }, "discovery_date": "2023-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255384" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to steal authentication credentials intended for the database server, even if the connection is established over an encrypted channel like TLS.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS)", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw allows attackers to execute an adversary-in-the-middle (AiTM) attack, potentially enabling the theft of authentication credentials even when the connection is encrypted with protocols like TLS. 
This security lapse could lead to unauthorized access to sensitive databases, raising concerns about data breaches and the compromise of confidential information.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", 
"7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] }, "references": 
[ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-0056" }, { "category": "external", "summary": "RHBZ#2255384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255384" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0056", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0056" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md", "url": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-01-15T16:01:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0255" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS)" }, { "cve": "CVE-2024-0057", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2023-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2255386" } ], "notes": [ { "category": "description", "text": "A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. 
This could allow an adversary to subvert the app\u0027s typical authentication logic.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: X509 Certificates - Validation Bypass across Azure", "title": "Vulnerability summary" }, { "category": "other", "text": "The ability for an attacker to exploit this vulnerability by presenting an arbitrary untrusted certificate with malformed signatures can lead to a breach in the application\u0027s authentication logic. This loophole poses a serious threat, as it could lead to unauthorized access, data breaches, and the compromise of sensitive information.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-0057" }, { "category": "external", "summary": "RHBZ#2255386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0057", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0057" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0057", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0057" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md", "url": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-01-15T16:01:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0255" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dotnet: X509 Certificates - Validation Bypass across Azure" }, { "cve": "CVE-2024-21319", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2257566" } ], "notes": [ { "category": "description", "text": "A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. 
This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "dotnet: .NET Denial of Service Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "This DoS vulnerability in .NET Core project templates utilizing JWT-based authentication tokens is considered a moderate issue due to its restricted impact. While unauthenticated clients can exploit the server\u0027s memory, potentially causing an out-of-memory condition and service disruption, the vulnerability does not lead to remote code execution or compromise sensitive data. Its exploitability is contingent on specific project configurations, limiting the scope of affected systems.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", 
"7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21319" }, { "category": "external", "summary": "RHBZ#2257566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257566" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21319", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21319" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md", "url": "https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md" } ], "release_date": "2024-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-01-15T16:01:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", 
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0255" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", 
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", 
"7ComputeNode-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7ComputeNode-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Server-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", 
"7Server-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Server-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-aspnetcore-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.src", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-apphost-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-debuginfo-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-host-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-hostfxr-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-runtime-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-targeting-pack-6.0-0:6.0.26-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-dotnet-templates-6.0-0:6.0.126-1.el7_9.x86_64", "7Workstation-dotNET-6.0:rh-dotnet60-netstandard-targeting-pack-2.1-0:6.0.126-1.el7_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dotnet: .NET Denial of Service Vulnerability" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.