Описание
ELSA-2020-3699: .NET Core 3.1 security and bugfix update (IMPORTANT)
[3.1.108-2.0.1.el8_2]
- Update patch to support 8.2 (alexander.burmashev@oracle.com)
- support OL release scheme (alexander.burmashev@oracle.com)
[3.1.108-2]
- Rebuild to fix tests
- Resolves: RHBZ#1874512
[3.1.108-1]
- Update to .NET Core Runtime 3.1.8 and SDK 3.1.108
- Resolves: RHBZ#1874512
Обновленные пакеты
Oracle Linux 8
Oracle Linux x86_64
aspnetcore-runtime-3.1
3.1.8-2.0.1.el8_2
aspnetcore-targeting-pack-3.1
3.1.8-2.0.1.el8_2
dotnet
3.1.108-2.0.1.el8_2
dotnet-apphost-pack-3.1
3.1.8-2.0.1.el8_2
dotnet-host
3.1.8-2.0.1.el8_2
dotnet-hostfxr-3.1
3.1.8-2.0.1.el8_2
dotnet-runtime-3.1
3.1.8-2.0.1.el8_2
dotnet-sdk-3.1
3.1.108-2.0.1.el8_2
dotnet-targeting-pack-3.1
3.1.8-2.0.1.el8_2
dotnet-templates-3.1
3.1.108-2.0.1.el8_2
netstandard-targeting-pack-2.1
3.1.108-2.0.1.el8_2
Связанные CVE
Связанные уязвимости
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
Microsoft ASP.NET Core Security Feature Bypass Vulnerability
<p>A security feature bypass vulnerability exists in the way Microsoft ...
