Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0496 .NET security and bugfix update 11 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET Core 3.1 .NET Core 2.1 .NET 5.0 Publisher: Red Hat Operating System: Red Hat Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-1721 Reference: ASB-2021.0045 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0471 https://access.redhat.com/errata/RHSA-2021:0470 https://access.redhat.com/errata/RHSA-2021:0472 https://access.redhat.com/errata/RHSA-2021:0473 https://access.redhat.com/errata/RHSA-2021:0474 https://access.redhat.com/errata/RHSA-2021:0476 Comment: This bulletin contains six (6) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: dotnet3.1 security and bugfix update Advisory ID: RHSA-2021:0471-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0471 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.112 and .NET Core Runtime 3.1.12. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: dotnet3.1-3.1.112-1.el8_3.src.rpm x86_64: aspnetcore-runtime-3.1-3.1.12-1.el8_3.x86_64.rpm aspnetcore-targeting-pack-3.1-3.1.12-1.el8_3.x86_64.rpm dotnet-apphost-pack-3.1-3.1.12-1.el8_3.x86_64.rpm dotnet-apphost-pack-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm dotnet-hostfxr-3.1-3.1.12-1.el8_3.x86_64.rpm dotnet-hostfxr-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm dotnet-runtime-3.1-3.1.12-1.el8_3.x86_64.rpm dotnet-runtime-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm dotnet-sdk-3.1-3.1.112-1.el8_3.x86_64.rpm dotnet-sdk-3.1-debuginfo-3.1.112-1.el8_3.x86_64.rpm dotnet-targeting-pack-3.1-3.1.12-1.el8_3.x86_64.rpm dotnet-templates-3.1-3.1.112-1.el8_3.x86_64.rpm dotnet3.1-debuginfo-3.1.112-1.el8_3.x86_64.rpm dotnet3.1-debugsource-3.1.112-1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQMNtzjgjWX9erEAQgwQA//cI/JmOUGAEI6vG/mVePbT1QJbmmtXpXB OY0Fc2fIsyXzOO8eUSoTVX+uGK2Fgw4g8Mud5m6krGZJxEcwBrR0YWRaedqNuM4c 6yQSI5/H1ACAvVACzINK62fStbVl99CneBwbQwj6OWqh22b89bruK7iTMn444T4v Nm5i1xgChpnO8s28hJH3UXnrFeqncjIG9XQKk/1G4LANkvO4biVyQfjHboN4pAR9 Z0dI0IM0EUyBXMgZdp43H1sJggrTkE77oBt7pc1yc/wFdNpJIZqkwWcTqVobAV4Z v2Y7Ktu/hrYRxQ1PMJWNHud1ddm46hx1cMg2AM0REf05uRdiyGQQFYdBRaXqGIk3 dhzQgObMlaY8M5qXV9eKZd0S0/YnaBkc8KJ9BIo+QWoaKerddvrsTCe45PmKyKdT 2m0QiU8aTkQ8GyN3rmUKihclH3qWSqmtp1K51XwUwW4pgieHFhmZD3c3W13vZyXu 7KRn89cu75cEbMKm/6iK01pw5POc9xbl68IFRnYUNXtihwvP2zonaaky5VxuS7io UE0/3D74lvbeU2+N1AKC9RvasS6FcAIn/f0F00/aHdAhQufoiRQrtWiaS+AyZh+t +pN0j1Vu7mXH9/fDAr7Af149KSAR9FLNGsng03y9SEfKkOJZI4Ezpj7CeNCDXc+t tq8nXoY4V+k= =Vf1v - -----END PGP SIGNATURE----- - ---------------------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0470-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0470 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.521 and .NET Core Runtime 2.1.25. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-2.1-24.el7_9.src.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm x86_64: rh-dotnet21-2.1-24.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-2.1-24.el7_9.src.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm x86_64: rh-dotnet21-2.1-24.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-2.1-24.el7_9.src.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm x86_64: rh-dotnet21-2.1-24.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQRXtzjgjWX9erEAQhOuhAApP/UNJTcOM3wj240KAWCeY7Ogd1O49dx 2yGl0lRa3lkuMXrP55JzPv0NDmOTL0DFAhVgft7RTc0dsc0NFwpHTJ6G/IqTeZv6 GPqMI+80hgqTDxcwk+emxQC1FYiSCwbnEuQHRXsnlL3WlIgu4QYipDe8UrEJ1lhR 4EkdXBv8pss1C9o/qGNKnMWDUAXTpKo6INeAxNweFBDaeoegu30/3PW6pMGP09Dd LHm2p6YWmsOdCPDBFnLpZDQT0gUHS8vJi4309Xsw4hyaqucGk5002JyErdp9E86a BoPqFLnOa8fHkqQzhnQ10/sti5ex4yxk11QMDKawJBeRdznn0ewYkjkqmLwy3r/V DFw3Hk3gffVIA+O5J5S55ffmjfIBQg7c1LetoutU7cNCcTEMbz0NzA7DFfKEpi+2 M8nPBqsKXUtm8droQxmwQOwOzEglnSGPmcjUVSu2O3iNf5sbyVQLz9OZMfgAa6/A yGatLG26s2X46FGqBEPGIxDjFk+WWwHC9Mb62zlYq8/iWp6MDnSSOBiNGDn9pOo1 xMPedQu2t034rH1cMw9cEyUCAQl4uuKrMg9+bG3Wi9VWwD/QIAMGbQyDz8XILF6P 7CXDFjkHpyYi5wNyZfrT3jf31xXqjtTdfrwNDBjdlBMX+BYxgSX65+89fOLxjkgu y3bP0lHunuE= =Kz/e - -----END PGP SIGNATURE----- - ----------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0472-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0472 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.112 and .NET Core Runtime 3.1.12. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQRetzjgjWX9erEAQgjIBAAlxhNv+IEcPARcJRjgQ0kTd3x50O0ZjUX wJDArdgA08GjWysd2YqH2fMYws5FBWv21Q+wYw4ugnZwahdsBhFo/aB0nCMRjYM2 U9907MCYaz8fbVlQFf5/TLUYMDdMQUJwDgT4iiQyqPvHrERQZoZz1gS8s7aCpZxY MzC3Ajxmw+azNu6z25uZc9bhGtsji4RccJZg73e9khRKRoiV4A1771DNtZh4P6tA PrqjF+qiY9wKHIS6sR1EWMZLUiPptd97fKZjmtwdNBIf3w7d5qMwTctlscDCPqXN HR9Std42JUMORxg1qdIRkrwa13VewNolWr3TGg64/B/4qfhrI1Zh/2tyO1XJzCgj Zy4zL4yLssrE9rslu0hha+B4cDvAg194NjA642RmUt5evW7nGEPGb/44rJtHbINV mZ1UW6qWshNJYo8Ba9xlMdz7I6zxhR0MvX6WROFfPw+4eROvc8mKV6mZCm63vYF7 Zw67o87bRzQpRN8gLZMuo0oerZv4uvVsxMN7lQ1slRBhuX9UAHi8WKF6vsNlc5YY uQBPE1Ux/XxHeYvebLbKXkabCtcmAvkSCNpc3a6495tTNnX7KEYgVD/Y3nnbtd/A u5fQ34C5Pt0RP3hHI3FJYLZi9sk+bWrxWyM1iyCxy7/PAEdRSv6UYRZgVW1Hm23H Tx8YGmLqiIQ= =yt7l - -----END PGP SIGNATURE----- - ---------------------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0473-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0473 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f 6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9 97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc +Hn3J/UvwRI= =efGS - -----END PGP SIGNATURE----- - ---------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: dotnet security and bugfix update Advisory ID: RHSA-2021:0474-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0474 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.521 and .NET Core Runtime 2.1.25. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: dotnet-2.1.521-1.el8_3.src.rpm x86_64: dotnet-debuginfo-2.1.521-1.el8_3.x86_64.rpm dotnet-debugsource-2.1.521-1.el8_3.x86_64.rpm dotnet-host-fxr-2.1-2.1.25-1.el8_3.x86_64.rpm dotnet-host-fxr-2.1-debuginfo-2.1.25-1.el8_3.x86_64.rpm dotnet-runtime-2.1-2.1.25-1.el8_3.x86_64.rpm dotnet-runtime-2.1-debuginfo-2.1.25-1.el8_3.x86_64.rpm dotnet-sdk-2.1-2.1.521-1.el8_3.x86_64.rpm dotnet-sdk-2.1.5xx-2.1.521-1.el8_3.x86_64.rpm dotnet-sdk-2.1.5xx-debuginfo-2.1.521-1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQYZtzjgjWX9erEAQg6CA//adxM9erxaM+unSgX7zRXIGldLPpU27gV V0Lcvpoflh8cEI87reG6gptitp/ihapSo/GuX5BRSmIchuB0pwexF4YvQXAliDeX X1JOstQdnxxktfqeFFwMULcqBwR/nkHXitlXiy5r7f90Cs77cpEmnvY492dYGp5m puF8qbHp7u46I55P9AzZvPC1Rm2M1jnbuIdvLlTDLfxsAcMU0usQWeIsa3YvhTVO LkyfINYeo1UV+S24ItUbQJ3vL7z3YTQlkG4g6Gyc8sHjwFYtzKyUlWr0IMr+pH4d DNzXOSWsKI9Rt2Zj/vDvyQIwxK6d4ahacj0FrDDe2yholSd1LlOHW9wgf4jBE6nv Ic5+0cQNtvMrGo5TFYbfD5N2qup5xRK5rwdcF3mgVYRId5FR5DlJwCzVRQ6af2sZ /IH2q5rezTIpczrL7wKpI9fQk8HpdZidl+ua+pOjZdePgz2PNuWCv2NK8WNFMb2D D+YQzU9oAMS9+FIvof2oN0Xv5eP+ibIzV/bAWEqP2oNTLvld0RclMoSsnpz2w1Sw 2WoiQiAukCyJzQJ0meV58WGx2q58sKGC6wF1vOgocSvgvlZnpPafL1r5n+yvPuY1 HbX1QME5bVUigjaz9KHG0zNfYPCb+Uyae2Pwol+3EH/BOE/QBo/yhnDQ0ZdM4odx BNuPErmQBrE= =/Vx0 - -----END PGP SIGNATURE----- - ------------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: dotnet5.0 security and bugfix update Advisory ID: RHSA-2021:0476-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0476 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ===================================================================== 1. Summary: An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: dotnet5.0-5.0.103-1.el8_3.src.rpm x86_64: aspnetcore-runtime-5.0-5.0.3-1.el8_3.x86_64.rpm aspnetcore-targeting-pack-5.0-5.0.3-1.el8_3.x86_64.rpm dotnet-5.0.103-1.el8_3.x86_64.rpm dotnet-apphost-pack-5.0-5.0.3-1.el8_3.x86_64.rpm dotnet-apphost-pack-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm dotnet-host-5.0.3-1.el8_3.x86_64.rpm dotnet-host-debuginfo-5.0.3-1.el8_3.x86_64.rpm dotnet-hostfxr-5.0-5.0.3-1.el8_3.x86_64.rpm dotnet-hostfxr-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm dotnet-runtime-5.0-5.0.3-1.el8_3.x86_64.rpm dotnet-runtime-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm dotnet-sdk-5.0-5.0.103-1.el8_3.x86_64.rpm dotnet-sdk-5.0-debuginfo-5.0.103-1.el8_3.x86_64.rpm dotnet-targeting-pack-5.0-5.0.3-1.el8_3.x86_64.rpm dotnet-templates-5.0-5.0.103-1.el8_3.x86_64.rpm dotnet5.0-debuginfo-5.0.103-1.el8_3.x86_64.rpm dotnet5.0-debugsource-5.0.103-1.el8_3.x86_64.rpm netstandard-targeting-pack-2.1-5.0.103-1.el8_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQaCtzjgjWX9erEAQhcLRAAlJ18ZPfBbxb6ZCBzhNrlHOI6BFR4iLa5 yWRorMl9dt5EvqGb4URI9tlmssbrvWakNYI9UTgkkxYDhsmE1D+j+hPdQW+N09+l 6Bwpl71qoCfacaSC2oOPWr0sd4/wnlKizEyyQ8FWN7XG7Q2SjD3mWrmPtELcpD3S tjkv2YUePCykzepJ/tO08cKYnEcu4P7IzNmA6ziWT+Eap+DVfONLGYBFDZPh1u70 0E+XLZI0rq8hNu2w1qNUW4ds6yajfZt0UnXbaUJvavofEa7aS5sCYpEDsXORZRiQ d3qKCSnu98885bP8H2DpUwPKSchSf4R4a+dmz9I73jXE5XhkjQ64O9pOVTP09pBb NqEaiBdBJ45jFJLuxH4RAIWm8/EUs8XILrvO/DvMKi/2VSq0zOFTA3iE9J/mloq3 MgHv/4U7zVQFkhtmri4egPxRZDTeFowosZy2X7Ew4EgQ+/BtloQIfL6TcDjF+aLB iufAsAJTh63LCJv2gm689NpXIfQMM3GmhJ26o2cg9lLwBNXgS80UGLtgpxcp73hA ZMKzPx028uhvStw79Og42vSWNAvY5Hlgs9azh+EkscricQ6t3pVz2fCjIZOuYDNC t83biqcXHvpgskUW7AEW4FPH05PRCSCXUfRku3SDzmu84LDYkgbbxdZkkizptjxq v8pIL3KSpeQ= =PQir - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYCSqpONLKJtyKPYoAQgJSw//fzMii2aGAyKAXYvAk2deUAiZ6hHsU69s HjeqDeJqmjU/NU/m4D4Jq1ACbF0ivA+R2blnvLV8rXkVrwpFamYLKlhWYvXkuTt2 t0HheE1R+Q25kzE+29KTmsPdImJpm9Ejb6tm6tB0e2xak4rIwmgDKAnxixgYP3Fc ivrktNQ3NvYQYnn0AbloCEdfCD+tiyKooOGk15kmN2hUSrigIVX3RxHuhLHsJ8bq b5abDHMAsNm5AbK3Iyg5ru1iIR4yDpyrH0LouHT7q66miRgYRahEFXsbJOYPLOnT +lC1uoTZXe9x3jPwjPKdofivTMM8/W55USyY0I1U6rTQvqp+LaEJETnt7iQSNjw7 d1Q/xNO1ulNjNezKIsB7UUY7OAnyqIEa4BTW79LLlvGR6eW0Dlo/LFctO6AHMaQv S2spwaCr2y0N+j3q4RG+9vbAKimsomGmQTIHee5lUA7lCpZMCq/at0XfyQjKAFcT G0+ZsrBsk1OBG74m39tVSfpNY6Rm+5Enw37a86cm2AWUeRdqumHzei0U0YtPk5q0 fqpMQbqB2jEjv8bOkT6Gmb8jiojdjB4QVGVpOEEWQhAFEP9uJ/Nw/8Qfxm4TnkEX MHyMOrb7bYALxRCTvQuz65Twe+Aeru+/9fDTiee8unNHDHjHalextrUIty4JIIRS OyGig2Fw+AA= =aYoQ -----END PGP SIGNATURE-----