-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0496
                      .NET security and bugfix update
                             11 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           .NET Core 3.1
                   .NET Core 2.1
                   .NET 5.0
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1721  

Reference:         ASB-2021.0045

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0471
   https://access.redhat.com/errata/RHSA-2021:0470
   https://access.redhat.com/errata/RHSA-2021:0472
   https://access.redhat.com/errata/RHSA-2021:0473
   https://access.redhat.com/errata/RHSA-2021:0474
   https://access.redhat.com/errata/RHSA-2021:0476

Comment: This bulletin contains six (6) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dotnet3.1 security and bugfix update
Advisory ID:       RHSA-2021:0471-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0471
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the
.NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now
available. The updated versions are .NET Core SDK 3.1.112 and .NET Core
Runtime 3.1.12.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dotnet3.1-3.1.112-1.el8_3.src.rpm

x86_64:
aspnetcore-runtime-3.1-3.1.12-1.el8_3.x86_64.rpm
aspnetcore-targeting-pack-3.1-3.1.12-1.el8_3.x86_64.rpm
dotnet-apphost-pack-3.1-3.1.12-1.el8_3.x86_64.rpm
dotnet-apphost-pack-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm
dotnet-hostfxr-3.1-3.1.12-1.el8_3.x86_64.rpm
dotnet-hostfxr-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm
dotnet-runtime-3.1-3.1.12-1.el8_3.x86_64.rpm
dotnet-runtime-3.1-debuginfo-3.1.12-1.el8_3.x86_64.rpm
dotnet-sdk-3.1-3.1.112-1.el8_3.x86_64.rpm
dotnet-sdk-3.1-debuginfo-3.1.112-1.el8_3.x86_64.rpm
dotnet-targeting-pack-3.1-3.1.12-1.el8_3.x86_64.rpm
dotnet-templates-3.1-3.1.112-1.el8_3.x86_64.rpm
dotnet3.1-debuginfo-3.1.112-1.el8_3.x86_64.rpm
dotnet3.1-debugsource-3.1.112-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQMNtzjgjWX9erEAQgwQA//cI/JmOUGAEI6vG/mVePbT1QJbmmtXpXB
OY0Fc2fIsyXzOO8eUSoTVX+uGK2Fgw4g8Mud5m6krGZJxEcwBrR0YWRaedqNuM4c
6yQSI5/H1ACAvVACzINK62fStbVl99CneBwbQwj6OWqh22b89bruK7iTMn444T4v
Nm5i1xgChpnO8s28hJH3UXnrFeqncjIG9XQKk/1G4LANkvO4biVyQfjHboN4pAR9
Z0dI0IM0EUyBXMgZdp43H1sJggrTkE77oBt7pc1yc/wFdNpJIZqkwWcTqVobAV4Z
v2Y7Ktu/hrYRxQ1PMJWNHud1ddm46hx1cMg2AM0REf05uRdiyGQQFYdBRaXqGIk3
dhzQgObMlaY8M5qXV9eKZd0S0/YnaBkc8KJ9BIo+QWoaKerddvrsTCe45PmKyKdT
2m0QiU8aTkQ8GyN3rmUKihclH3qWSqmtp1K51XwUwW4pgieHFhmZD3c3W13vZyXu
7KRn89cu75cEbMKm/6iK01pw5POc9xbl68IFRnYUNXtihwvP2zonaaky5VxuS7io
UE0/3D74lvbeU2+N1AKC9RvasS6FcAIn/f0F00/aHdAhQufoiRQrtWiaS+AyZh+t
+pN0j1Vu7mXH9/fDAr7Af149KSAR9FLNGsng03y9SEfKkOJZI4Ezpj7CeNCDXc+t
tq8nXoY4V+k=
=Vf1v
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update
Advisory ID:       RHSA-2021:0470-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0470
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.

New versions of .NET Core that address a security vulnerability are now
available. The updated versions are .NET Core SDK 2.1.521 and .NET Core
Runtime 2.1.25.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet21-2.1-24.el7_9.src.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm

x86_64:
rh-dotnet21-2.1-24.el7_9.x86_64.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet21-2.1-24.el7_9.src.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm

x86_64:
rh-dotnet21-2.1-24.el7_9.x86_64.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet21-2.1-24.el7_9.src.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.src.rpm

x86_64:
rh-dotnet21-2.1-24.el7_9.x86_64.rpm
rh-dotnet21-dotnet-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.25-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.521-1.el7_9.x86_64.rpm
rh-dotnet21-runtime-2.1-24.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQRXtzjgjWX9erEAQhOuhAApP/UNJTcOM3wj240KAWCeY7Ogd1O49dx
2yGl0lRa3lkuMXrP55JzPv0NDmOTL0DFAhVgft7RTc0dsc0NFwpHTJ6G/IqTeZv6
GPqMI+80hgqTDxcwk+emxQC1FYiSCwbnEuQHRXsnlL3WlIgu4QYipDe8UrEJ1lhR
4EkdXBv8pss1C9o/qGNKnMWDUAXTpKo6INeAxNweFBDaeoegu30/3PW6pMGP09Dd
LHm2p6YWmsOdCPDBFnLpZDQT0gUHS8vJi4309Xsw4hyaqucGk5002JyErdp9E86a
BoPqFLnOa8fHkqQzhnQ10/sti5ex4yxk11QMDKawJBeRdznn0ewYkjkqmLwy3r/V
DFw3Hk3gffVIA+O5J5S55ffmjfIBQg7c1LetoutU7cNCcTEMbz0NzA7DFfKEpi+2
M8nPBqsKXUtm8droQxmwQOwOzEglnSGPmcjUVSu2O3iNf5sbyVQLz9OZMfgAa6/A
yGatLG26s2X46FGqBEPGIxDjFk+WWwHC9Mb62zlYq8/iWp6MDnSSOBiNGDn9pOo1
xMPedQu2t034rH1cMw9cEyUCAQl4uuKrMg9+bG3Wi9VWwD/QIAMGbQyDz8XILF6P
7CXDFjkHpyYi5wNyZfrT3jf31xXqjtTdfrwNDBjdlBMX+BYxgSX65+89fOLxjkgu
y3bP0lHunuE=
=Kz/e
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update
Advisory ID:       RHSA-2021:0472-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0472
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the
.NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now
available. The updated versions are .NET Core SDK 3.1.112 and .NET Core
Runtime 3.1.12.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet31-dotnet-3.1.112-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.12-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.112-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.112-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQRetzjgjWX9erEAQgjIBAAlxhNv+IEcPARcJRjgQ0kTd3x50O0ZjUX
wJDArdgA08GjWysd2YqH2fMYws5FBWv21Q+wYw4ugnZwahdsBhFo/aB0nCMRjYM2
U9907MCYaz8fbVlQFf5/TLUYMDdMQUJwDgT4iiQyqPvHrERQZoZz1gS8s7aCpZxY
MzC3Ajxmw+azNu6z25uZc9bhGtsji4RccJZg73e9khRKRoiV4A1771DNtZh4P6tA
PrqjF+qiY9wKHIS6sR1EWMZLUiPptd97fKZjmtwdNBIf3w7d5qMwTctlscDCPqXN
HR9Std42JUMORxg1qdIRkrwa13VewNolWr3TGg64/B/4qfhrI1Zh/2tyO1XJzCgj
Zy4zL4yLssrE9rslu0hha+B4cDvAg194NjA642RmUt5evW7nGEPGb/44rJtHbINV
mZ1UW6qWshNJYo8Ba9xlMdz7I6zxhR0MvX6WROFfPw+4eROvc8mKV6mZCm63vYF7
Zw67o87bRzQpRN8gLZMuo0oerZv4uvVsxMN7lQ1slRBhuX9UAHi8WKF6vsNlc5YY
uQBPE1Ux/XxHeYvebLbKXkabCtcmAvkSCNpc3a6495tTNnX7KEYgVD/Y3nnbtd/A
u5fQ34C5Pt0RP3hHI3FJYLZi9sk+bWrxWyM1iyCxy7/PAEdRSv6UYRZgVW1Hm23H
Tx8YGmLqiIQ=
=yt7l
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update
Advisory ID:       RHSA-2021:0473-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0473
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.103 and .NET Runtime
5.0.3.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ
YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT
lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o
EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj
qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa
rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f
6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT
yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR
K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH
ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9
97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc
+Hn3J/UvwRI=
=efGS
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dotnet security and bugfix update
Advisory ID:       RHSA-2021:0474-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0474
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for .NET Core 2.1 is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the
.NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now
available. The updated versions are .NET Core SDK 2.1.521 and .NET Core
Runtime 2.1.25.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dotnet-2.1.521-1.el8_3.src.rpm

x86_64:
dotnet-debuginfo-2.1.521-1.el8_3.x86_64.rpm
dotnet-debugsource-2.1.521-1.el8_3.x86_64.rpm
dotnet-host-fxr-2.1-2.1.25-1.el8_3.x86_64.rpm
dotnet-host-fxr-2.1-debuginfo-2.1.25-1.el8_3.x86_64.rpm
dotnet-runtime-2.1-2.1.25-1.el8_3.x86_64.rpm
dotnet-runtime-2.1-debuginfo-2.1.25-1.el8_3.x86_64.rpm
dotnet-sdk-2.1-2.1.521-1.el8_3.x86_64.rpm
dotnet-sdk-2.1.5xx-2.1.521-1.el8_3.x86_64.rpm
dotnet-sdk-2.1.5xx-debuginfo-2.1.521-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQYZtzjgjWX9erEAQg6CA//adxM9erxaM+unSgX7zRXIGldLPpU27gV
V0Lcvpoflh8cEI87reG6gptitp/ihapSo/GuX5BRSmIchuB0pwexF4YvQXAliDeX
X1JOstQdnxxktfqeFFwMULcqBwR/nkHXitlXiy5r7f90Cs77cpEmnvY492dYGp5m
puF8qbHp7u46I55P9AzZvPC1Rm2M1jnbuIdvLlTDLfxsAcMU0usQWeIsa3YvhTVO
LkyfINYeo1UV+S24ItUbQJ3vL7z3YTQlkG4g6Gyc8sHjwFYtzKyUlWr0IMr+pH4d
DNzXOSWsKI9Rt2Zj/vDvyQIwxK6d4ahacj0FrDDe2yholSd1LlOHW9wgf4jBE6nv
Ic5+0cQNtvMrGo5TFYbfD5N2qup5xRK5rwdcF3mgVYRId5FR5DlJwCzVRQ6af2sZ
/IH2q5rezTIpczrL7wKpI9fQk8HpdZidl+ua+pOjZdePgz2PNuWCv2NK8WNFMb2D
D+YQzU9oAMS9+FIvof2oN0Xv5eP+ibIzV/bAWEqP2oNTLvld0RclMoSsnpz2w1Sw
2WoiQiAukCyJzQJ0meV58WGx2q58sKGC6wF1vOgocSvgvlZnpPafL1r5n+yvPuY1
HbX1QME5bVUigjaz9KHG0zNfYPCb+Uyae2Pwol+3EH/BOE/QBo/yhnDQ0ZdM4odx
BNuPErmQBrE=
=/Vx0
- -----END PGP SIGNATURE-----

- -------------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: dotnet5.0 security and bugfix update
Advisory ID:       RHSA-2021:0476-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0476
Issue date:        2021-02-10
CVE Names:         CVE-2021-1721 
=====================================================================

1. Summary:

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.103 and .NET Runtime
5.0.3.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service
(CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dotnet5.0-5.0.103-1.el8_3.src.rpm

x86_64:
aspnetcore-runtime-5.0-5.0.3-1.el8_3.x86_64.rpm
aspnetcore-targeting-pack-5.0-5.0.3-1.el8_3.x86_64.rpm
dotnet-5.0.103-1.el8_3.x86_64.rpm
dotnet-apphost-pack-5.0-5.0.3-1.el8_3.x86_64.rpm
dotnet-apphost-pack-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm
dotnet-host-5.0.3-1.el8_3.x86_64.rpm
dotnet-host-debuginfo-5.0.3-1.el8_3.x86_64.rpm
dotnet-hostfxr-5.0-5.0.3-1.el8_3.x86_64.rpm
dotnet-hostfxr-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm
dotnet-runtime-5.0-5.0.3-1.el8_3.x86_64.rpm
dotnet-runtime-5.0-debuginfo-5.0.3-1.el8_3.x86_64.rpm
dotnet-sdk-5.0-5.0.103-1.el8_3.x86_64.rpm
dotnet-sdk-5.0-debuginfo-5.0.103-1.el8_3.x86_64.rpm
dotnet-targeting-pack-5.0-5.0.3-1.el8_3.x86_64.rpm
dotnet-templates-5.0-5.0.103-1.el8_3.x86_64.rpm
dotnet5.0-debuginfo-5.0.103-1.el8_3.x86_64.rpm
dotnet5.0-debugsource-5.0.103-1.el8_3.x86_64.rpm
netstandard-targeting-pack-2.1-5.0.103-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-1721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYCQaCtzjgjWX9erEAQhcLRAAlJ18ZPfBbxb6ZCBzhNrlHOI6BFR4iLa5
yWRorMl9dt5EvqGb4URI9tlmssbrvWakNYI9UTgkkxYDhsmE1D+j+hPdQW+N09+l
6Bwpl71qoCfacaSC2oOPWr0sd4/wnlKizEyyQ8FWN7XG7Q2SjD3mWrmPtELcpD3S
tjkv2YUePCykzepJ/tO08cKYnEcu4P7IzNmA6ziWT+Eap+DVfONLGYBFDZPh1u70
0E+XLZI0rq8hNu2w1qNUW4ds6yajfZt0UnXbaUJvavofEa7aS5sCYpEDsXORZRiQ
d3qKCSnu98885bP8H2DpUwPKSchSf4R4a+dmz9I73jXE5XhkjQ64O9pOVTP09pBb
NqEaiBdBJ45jFJLuxH4RAIWm8/EUs8XILrvO/DvMKi/2VSq0zOFTA3iE9J/mloq3
MgHv/4U7zVQFkhtmri4egPxRZDTeFowosZy2X7Ew4EgQ+/BtloQIfL6TcDjF+aLB
iufAsAJTh63LCJv2gm689NpXIfQMM3GmhJ26o2cg9lLwBNXgS80UGLtgpxcp73hA
ZMKzPx028uhvStw79Og42vSWNAvY5Hlgs9azh+EkscricQ6t3pVz2fCjIZOuYDNC
t83biqcXHvpgskUW7AEW4FPH05PRCSCXUfRku3SDzmu84LDYkgbbxdZkkizptjxq
v8pIL3KSpeQ=
=PQir
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCSqpONLKJtyKPYoAQgJSw//fzMii2aGAyKAXYvAk2deUAiZ6hHsU69s
HjeqDeJqmjU/NU/m4D4Jq1ACbF0ivA+R2blnvLV8rXkVrwpFamYLKlhWYvXkuTt2
t0HheE1R+Q25kzE+29KTmsPdImJpm9Ejb6tm6tB0e2xak4rIwmgDKAnxixgYP3Fc
ivrktNQ3NvYQYnn0AbloCEdfCD+tiyKooOGk15kmN2hUSrigIVX3RxHuhLHsJ8bq
b5abDHMAsNm5AbK3Iyg5ru1iIR4yDpyrH0LouHT7q66miRgYRahEFXsbJOYPLOnT
+lC1uoTZXe9x3jPwjPKdofivTMM8/W55USyY0I1U6rTQvqp+LaEJETnt7iQSNjw7
d1Q/xNO1ulNjNezKIsB7UUY7OAnyqIEa4BTW79LLlvGR6eW0Dlo/LFctO6AHMaQv
S2spwaCr2y0N+j3q4RG+9vbAKimsomGmQTIHee5lUA7lCpZMCq/at0XfyQjKAFcT
G0+ZsrBsk1OBG74m39tVSfpNY6Rm+5Enw37a86cm2AWUeRdqumHzei0U0YtPk5q0
fqpMQbqB2jEjv8bOkT6Gmb8jiojdjB4QVGVpOEEWQhAFEP9uJ/Nw/8Qfxm4TnkEX
MHyMOrb7bYALxRCTvQuz65Twe+Aeru+/9fDTiee8unNHDHjHalextrUIty4JIIRS
OyGig2Fw+AA=
=aYoQ
-----END PGP SIGNATURE-----