ESB-2017.2974 - [RedHat] .NET Core: Denial of service - Remote/unauthenticated 2017-11-21

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2974
                     RHEL 7: .NET Core security update
                             21 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           .NET Core
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-11770 CVE-2017-8585 

Reference:         ASB-2017.0193
                   ASB-2017.0098

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:3248

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: .NET Core security update
Advisory ID:       RHSA-2017:3248-01
Product:           dotNET on RHEL
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:3248
Issue date:        2017-11-20
CVE Names:         CVE-2017-8585 CVE-2017-11770 
=====================================================================

1. Summary:

A security update for .NET Core on RHEL is now available.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

New versions of .NET Core that address several security vulnerabilities are
now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3.

Security Fixes:

* By providing an invalid culture, an attacker can cause a recursive lookup
that leads to a denial of service. (CVE-2017-8585)

* Supplying a specially crafted certificate can cause an infinite
X509Chain, resulting in a denial of service. (CVE-2017-11770)

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture
1512992 - CVE-2017-11770 dotNET: DDos via bad certificate

6. Package List:

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64:
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64:
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64:
rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm
rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64:
rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm
rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64:
rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm
rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-8585
https://access.redhat.com/security/cve/CVE-2017-11770
https://access.redhat.com/security/updates/classification/#low

https://github.com/dotnet/announcements/issues/34
https://github.com/dotnet/announcements/issues/44

https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md
https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md
https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7
qK6A1l+OTjiiqdhM/cGc8ZU=
=DZ68
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWhNy24x+lLeg9Ub1AQgNog/+PiohieqBVgg5+zfQCWSZAk2jf+qAifB3
SO+T6t0KRBED/aZBebXjmjcZdQ8fpl3j9lkyJCVX6xhmbft/vKvCKX5iZ185DGZR
U/mHa5/9eiZLPwTFbVt6T5FqrpCeIsAt5hJrPgCiWG9w5osGmifvR85ioDJj2QBv
Xn1qzjp8jNXipjFF1KGeXctYBbJMvZwUeRMyMwOLk/7TR6A1eJMo63TEBpo67mUA
2tGlgZosS757q8QETR5d65zIz9EDhZqS4spEvvkbmbtVmiXKiFCAAXRtDPzZ03gS
Y2ar+dwSU5FzN3cRJdIxPw0YHLZjne+C8mlvouy7AubnWCL0UBMJ3/akIi+34Nwb
g9EezzpH7VxunvOFvny6OKqMfpJZNQVyY2QeojfOpsH0ZCSpT6A3AC7Zi6mz2bIR
lRI7w30MXO+/pfUOBiGDM88LE+SMjtjUG5Ke4hpL5jHcu7odDshfn36D8rrXyIaT
s2N4gEreLsXZapwPdwb9WVHpCgBjN+3klcLA190uq0tnnmMA/pmJiugy25aVuLSf
Ea9CxxdNnVx4bZlWpaQDHjcL+kgMSNiuKaa9nB3DabZqukVcDYkSgYUGCEImcNK4
8nOCIet/X/yaAC55e91dYoOlY15kZbPsoe8EbEOvCtvg2TaLEdeLobieC2KncH++
vb+5KLAymaY=
=BssM
-----END PGP SIGNATURE-----

« Back to bulletins