What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-6438-1.

What is the severity of the vulnerability?

The severity of the vulnerability is not mentioned in the provided information.

How can this vulnerability be exploited?

This vulnerability can be exploited by an attacker to cause a denial of service or perform remote attacks.

What is the affected software?

The affected software includes aspnetcore-runtime-6.0, aspnetcore-runtime-7.0, dotnet-host, dotnet-host-7.0, dotnet-hostfxr-6.0, dotnet-hostfxr-7.0, dotnet-runtime-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0, dotnet-sdk-7.0, dotnet6, and dotnet7.

How to fix this vulnerability?

To fix this vulnerability, update the affected software packages to versions 6.0.123-0ubuntu1 (for 6.0 packages) or 7.0.112-0ubuntu1 (for 7.0 packages) or higher.

Vulnerability/
USN-6438-1

19/10/2023

USN-6438-1: .NET vulnerabilities

First published: Thu Oct 19 2023(Updated: )

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799) It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)

Affected Software	Affected Version	How to fix
All of
ubuntu/aspnetcore-runtime-6.0	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/aspnetcore-runtime-7.0	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10
All of
ubuntu/dotnet-host	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/dotnet-host-7.0	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10
All of
ubuntu/dotnet-hostfxr-6.0	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/dotnet-hostfxr-7.0	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10
All of
ubuntu/dotnet-runtime-6.0	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/dotnet-runtime-7.0	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10
All of
ubuntu/dotnet-sdk-6.0	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/dotnet-sdk-7.0	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10
All of
ubuntu/dotnet6	<6.0.123-0ubuntu1	6.0.123-0ubuntu1
	=23.10
All of
ubuntu/dotnet7	<7.0.112-0ubuntu1	7.0.112-0ubuntu1
	=23.10

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6438-1.
What is the severity of the vulnerability?
The severity of the vulnerability is not mentioned in the provided information.
How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker to cause a denial of service or perform remote attacks.
What is the affected software?
The affected software includes aspnetcore-runtime-6.0, aspnetcore-runtime-7.0, dotnet-host, dotnet-host-7.0, dotnet-hostfxr-6.0, dotnet-hostfxr-7.0, dotnet-runtime-6.0, dotnet-runtime-7.0, dotnet-sdk-6.0, dotnet-sdk-7.0, dotnet6, and dotnet7.
How to fix this vulnerability?
To fix this vulnerability, update the affected software packages to versions 6.0.123-0ubuntu1 (for 6.0 packages) or 7.0.112-0ubuntu1 (for 7.0 packages) or higher.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/softwarecombine
agent/title
agent/event
agent/tags
agent/description
collector/usn
source/Ubuntu
anchor-related/USN-6362-1
anchor-related/USN-6438-2
anchor-related/USN-6362-2
anchor-related/USN-6427-1
anchor-related/USN-6427-2
anchor-related/USN-6505-1
anchor-related/USN-6574-1
anchor-related/USN-6754-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/23.10