Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2735 Security Advisory for .NET Core Runtime and SDK for Red Hat Enterprise Linux 13 September 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET Core Runtime and SDK Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-8409 Reference: ASB-2018.0214 Original Bulletin: https://access.redhat.com/errata/RHSA-2018:2684 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: .NET Core Runtime 2.1.4 and SDK 2.1.402 for Red Hat Enterprise Linux Advisory ID: RHSA-2018:2684-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2684 Issue date: 2018-09-12 ===================================================================== 1. Summary: Updates for rh-dotnet21 and rh-dotnet21-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects. Security Fix(es): Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes. For more information, please refer to the upstream docs: - - - .NET Core 2.1.4: https://github.com/dotnet/core/issues/1932 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1621889 - .NET Core applications get oom killed on Kubernetes/OpenShift 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-2.1-3.el7.src.rpm rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm x86_64: rh-dotnet21-2.1-3.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-2.1-3.el7.src.rpm rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm x86_64: rh-dotnet21-2.1-3.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-2.1-3.el7.src.rpm rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm x86_64: rh-dotnet21-2.1-3.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW5i8f9zjgjWX9erEAQhGXQ//eNmhcNQ2o98eFdNYxdAAXdObqAGATb25 4a216IsJ8zRw5B9ZhaJ2CSYL0eJzfgiavXzEXX4oEnawcDB0DAo221yjTQdfEr9W yvMfaUwLOtGcAmvY5L/0ckC1cAnOkocxNOt55GnhHyifbNQCWPDTIfEeIbjyctKd pPGfADE10b40JvBO6OIM9PnPHfa8CjplfYcshdjd5xlVKYZ3yGAbFyC7wAuawKu2 gADt+MN8bZwmjOUEu6LNLZMdKQkW+khON67ugEphmqu+uPA76ifUNqWSzRbZ+BiZ 9YIE+9pyUq4dY7VXWFiA96wULX/Tk0qvxZSSMaEoNl62aysAN7ZgrvJJd8yRmt82 C8H81nddT+peLRhzEZv4CIs4nXpXXK6qundixasbghuoCbFduoYH3sXfNVlYE0Ol mTvEMjZXGQQpiZRhcoEQZpOmo0bY4NhxV+nqsxSmhsB8Q/yKz+QVa3qeBmXfme0u CT18AB73H+Ir28vvnYT5E8ntgoesu+ANCHnqr2JK2XGBozLScs2FaYIMXkLtf9zJ ey1XifyAGzHdcgH3EQ3cZUpXURyrae+aGmizmyirQs/T88Epbt8AAxynzhgHcovV WZ7c2CPRJqR2aNIY47I62vyOF8fzlk5Ywoierj8miaEjLGQIllmFHlHfPE2cUpzd 9GzL7InjOfI= =3w2B - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW5oJcmaOgq3Tt24GAQhG0Q//a7Eqe8E5xUZeBUhMNIcGTQ+kgJH9rBgP CAND21YmThXEAUbDro6/duCbPNp2xwiAOom6H7b1Nv55y+MAY8J0M2W+nboWPdJy naIoJ/iB0LpQkw6ON5aPVYZKeznazXIYA+ci1WnGytKKCQsXtvYmzTD8Jr3UD2+d prc963xDtFTX3J/0F5QbjwMixevkhWPRTC+XEzWUrVHHrMSB/kCj53THVbKvQAP9 u0E4XG4rsdAfbImvBK0lgloJ5KiyjnNvylNqG9+XbjtqrSgBBZ9FjKi4bJbRx1E7 N5mwHbuzvzud5uLUhwXsG1N5FWY8mdFGglyXBGOJRj2Jkz+HrKghDL6oWKUcqoeZ 15+hSD9yTnGYvqnzXl8asBswaziF7aJ0MRoMWTP9My307ZeOl/HC61w2RCGoxmzI s98R4zp+YvEzFAEX5c5HwJer6++wldV/Y2hU07MDl7HWLGBfs13uPCwMUyfrrm71 JlbVqAw/RLyhEOQzRp493TKEZkyVszz052s9PywBFVMEuf+80sP7PiqmbwZN7KaM WdInEM8IFmHLZuBf3vpxN/9THTgmqV8hClW5ewHUFudttdBbCb3WN9XDKgDpbvia zPkbMd97BTT2TpXDQg3eiQ75OtMQBs3Iyla/xf3tF3ACFaBrqN2FKZJhWP1ablAC /+HnhLNm/zk= =6s+t -----END PGP SIGNATURE-----