Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:5749

Опубликовано: 24 окт. 2023
Источник: rocky
Оценка: Important

Описание

Important: .NET 7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
aspnetcore-runtime-7.0aarch641.el9_2aspnetcore-runtime-7.0-7.0.12-1.el9_2.aarch64.rpm
aspnetcore-targeting-pack-7.0aarch641.el9_2aspnetcore-targeting-pack-7.0-7.0.12-1.el9_2.aarch64.rpm
dotnet-apphost-pack-7.0aarch641.el9_2dotnet-apphost-pack-7.0-7.0.12-1.el9_2.aarch64.rpm
dotnet-hostaarch641.el9_2dotnet-host-7.0.12-1.el9_2.aarch64.rpm
dotnet-hostfxr-7.0aarch641.el9_2dotnet-hostfxr-7.0-7.0.12-1.el9_2.aarch64.rpm
dotnet-runtime-7.0aarch641.el9_2dotnet-runtime-7.0-7.0.12-1.el9_2.aarch64.rpm
dotnet-sdk-7.0aarch641.el9_2dotnet-sdk-7.0-7.0.112-1.el9_2.aarch64.rpm
dotnet-targeting-pack-7.0aarch641.el9_2dotnet-targeting-pack-7.0-7.0.12-1.el9_2.aarch64.rpm
dotnet-templates-7.0aarch641.el9_2dotnet-templates-7.0-7.0.112-1.el9_2.aarch64.rpm
netstandard-targeting-pack-2.1aarch641.el9_2netstandard-targeting-pack-2.1-7.0.112-1.el9_2.aarch64.rpm

Показывать по

Связанные CVE

CVE-2023-44487

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-44487

CVSS3: 7.5
ubuntu
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

redhat логотип

CVE-2023-44487

CVSS3: 7.5
redhat
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

nvd логотип

CVE-2023-44487

CVSS3: 7.5
nvd
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

msrc логотип

CVE-2023-44487

msrc
больше 1 года назад

MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

debian логотип

CVE-2023-44487

CVSS3: 7.5
debian
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consum ...