First published: Thu Aug 10 2023(Updated: )
USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. (CVE-2023-35390) Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38178) It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38180)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/aspnetcore-runtime-6.0 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/aspnetcore-runtime-7.0 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-host | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-host-7.0 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-hostfxr-6.0 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-hostfxr-7.0 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-runtime-6.0 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-runtime-7.0 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-sdk-6.0 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet-sdk-7.0 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet6 | <6.0.121-0ubuntu1~22.04.1 | 6.0.121-0ubuntu1~22.04.1 |
=22.04 | ||
All of | ||
ubuntu/dotnet7 | <7.0.110-0ubuntu1~22.04.1 | 7.0.110-0ubuntu1~22.04.1 |
=22.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for the .NET vulnerabilities is USN-6278-2.
The severity of USN-6278-2 is not specified in the provided information.
The Ubuntu version affected by USN-6278-2 is 22.04.
The remedy for the .NET vulnerabilities is to update the affected software packages to the specified versions: aspnetcore-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), aspnetcore-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-host (6.0.121-0ubuntu1~22.04.1), dotnet-host-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-hostfxr-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-hostfxr-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-sdk-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-sdk-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet6 (6.0.121-0ubuntu1~22.04.1), dotnet7 (7.0.110-0ubuntu1~22.04.1).
You can find more information about the vulnerabilities on the following references: [CVE-2023-38180](https://ubuntu.com/security/CVE-2023-38180), [CVE-2023-35390](https://ubuntu.com/security/CVE-2023-35390), [CVE-2023-38178](https://ubuntu.com/security/CVE-2023-38178).