First published: Thu Oct 19 2023(Updated: )
USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Original advisory details: It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/aspnetcore-runtime-8.0 | <8.0.0~rc2-0ubuntu1 | 8.0.0~rc2-0ubuntu1 |
=23.10 | ||
All of | ||
ubuntu/dotnet-host-8.0 | <8.0.0~rc2-0ubuntu1 | 8.0.0~rc2-0ubuntu1 |
=23.10 | ||
All of | ||
ubuntu/dotnet-hostfxr-8.0 | <8.0.0~rc2-0ubuntu1 | 8.0.0~rc2-0ubuntu1 |
=23.10 | ||
All of | ||
ubuntu/dotnet-runtime-8.0 | <8.0.0~rc2-0ubuntu1 | 8.0.0~rc2-0ubuntu1 |
=23.10 | ||
All of | ||
ubuntu/dotnet-sdk-8.0 | <8.0.100~rc2-0ubuntu1 | 8.0.100~rc2-0ubuntu1 |
=23.10 | ||
All of | ||
ubuntu/dotnet8 | <8.0.100-8.0.0~rc2-0ubuntu1 | 8.0.100-8.0.0~rc2-0ubuntu1 |
=23.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
USN-6427-1 fixed a vulnerability in .NET Kestrel web server that did not properly handle HTTP/2 requests.
The vulnerability in .NET is related to the handling of HTTP/2 requests by the .NET Kestrel web server.
The vulnerability could be exploited by a remote attacker to cause a denial of service.
To fix the vulnerability, update the affected software to version 8.0.0~rc2-0ubuntu1 or later.
More information about the vulnerability can be found on the Ubuntu security website.