Описание
Important: .NET 6.0 security, bug fix, and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
-
dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
-
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
-
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 2083647
- Red Hat - 2083649
- Red Hat - 2083650
Связанные уязвимости
Important: .NET Core 3.1 security, bug fix, and enhancement update
ELSA-2022-4588: .NET 6.0 security, bug fix, and enhancement update (IMPORTANT)
ELSA-2022-2202: .NET Core 3.1 security, bug fix, and enhancement update (IMPORTANT)
ELSA-2022-2200: .NET 5.0 security, bug fix, and enhancement update (IMPORTANT)
ELSA-2022-2199: .NET 6.0 security, bug fix, and enhancement update (IMPORTANT)