What is the vulnerability ID for the .NET vulnerabilities?

The vulnerability ID for the .NET vulnerabilities is USN-6278-2.

What is the severity of USN-6278-2?

The severity of USN-6278-2 is not specified in the provided information.

Which Ubuntu versions are affected by USN-6278-2?

The Ubuntu version affected by USN-6278-2 is 22.04.

What is the remedy for the .NET vulnerabilities?

The remedy for the .NET vulnerabilities is to update the affected software packages to the specified versions: aspnetcore-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), aspnetcore-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-host (6.0.121-0ubuntu1~22.04.1), dotnet-host-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-hostfxr-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-hostfxr-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-sdk-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-sdk-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet6 (6.0.121-0ubuntu1~22.04.1), dotnet7 (7.0.110-0ubuntu1~22.04.1).

Where can I find more information about the vulnerabilities?

You can find more information about the vulnerabilities on the following references: [CVE-2023-38180](https://ubuntu.com/security/CVE-2023-38180), [CVE-2023-35390](https://ubuntu.com/security/CVE-2023-35390), [CVE-2023-38178](https://ubuntu.com/security/CVE-2023-38178).

Vulnerability/
USN-6278-2

10/8/2023

USN-6278-2: .NET vulnerabilities

First published: Thu Aug 10 2023(Updated: )

USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. (CVE-2023-35390) Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38178) It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38180)

Affected Software	Affected Version	How to fix
All of
ubuntu/aspnetcore-runtime-6.0	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/aspnetcore-runtime-7.0	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-host	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-host-7.0	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-hostfxr-6.0	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-hostfxr-7.0	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-runtime-6.0	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-runtime-7.0	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-sdk-6.0	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet-sdk-7.0	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet6	<6.0.121-0ubuntu1~22.04.1	6.0.121-0ubuntu1~22.04.1
	=22.04
All of
ubuntu/dotnet7	<7.0.110-0ubuntu1~22.04.1	7.0.110-0ubuntu1~22.04.1
	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for the .NET vulnerabilities?
The vulnerability ID for the .NET vulnerabilities is USN-6278-2.
What is the severity of USN-6278-2?
The severity of USN-6278-2 is not specified in the provided information.
Which Ubuntu versions are affected by USN-6278-2?
The Ubuntu version affected by USN-6278-2 is 22.04.
What is the remedy for the .NET vulnerabilities?
The remedy for the .NET vulnerabilities is to update the affected software packages to the specified versions: aspnetcore-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), aspnetcore-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-host (6.0.121-0ubuntu1~22.04.1), dotnet-host-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-hostfxr-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-hostfxr-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-runtime-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-runtime-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet-sdk-6.0 (6.0.121-0ubuntu1~22.04.1), dotnet-sdk-7.0 (7.0.110-0ubuntu1~22.04.1), dotnet6 (6.0.121-0ubuntu1~22.04.1), dotnet7 (7.0.110-0ubuntu1~22.04.1).
Where can I find more information about the vulnerabilities?
You can find more information about the vulnerabilities on the following references: [CVE-2023-38180](https://ubuntu.com/security/CVE-2023-38180), [CVE-2023-35390](https://ubuntu.com/security/CVE-2023-35390), [CVE-2023-38178](https://ubuntu.com/security/CVE-2023-38178).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-6278-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04