===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2038
           .NET 5.0 and .NET Core 3.1 security and bugfix update
                                9 June 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           .NET 5.0
                   .NET Core 3.1
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-31957  

Reference:         ASB-2021.0117

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:2350
   https://access.redhat.com/errata/RHSA-2021:2351
   https://access.redhat.com/errata/RHSA-2021:2352
   https://access.redhat.com/errata/RHSA-2021:2353

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET Core 3.1 on RHEL 7 security and bugfix update
Advisory ID:       RHSA-2021:2350-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2350
Issue date:        2021-06-08
CVE Names:         CVE-2021-31957 
=====================================================================

1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 3.1.116 and .NET Runtime
3.1.16.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1966990 - CVE-2021-31957 dotnet: ASP.NET Core Client Disconnect Denial of Service

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm

x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-31957
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET 5.0 on RHEL 7 security and bugfix update
Advisory ID:       RHSA-2021:2351-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2351
Issue date:        2021-06-08
CVE Names:         CVE-2021-31957 
=====================================================================

1. Summary:

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.204 and .NET Runtime
5.0.7.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1966990 - CVE-2021-31957 dotnet: ASP.NET Core Client Disconnect Denial of Service

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet50-dotnet-5.0.204-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.204-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet50-dotnet-5.0.204-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.204-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet50-dotnet-5.0.204-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.7-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.204-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.204-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-31957
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET Core 3.1 security and bugfix update
Advisory ID:       RHSA-2021:2352-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2352
Issue date:        2021-06-08
CVE Names:         CVE-2021-31957 
=====================================================================

1. Summary:

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux
8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 3.1.116 and .NET Runtime
3.1.16.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1966990 - CVE-2021-31957 dotnet: ASP.NET Core Client Disconnect Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dotnet3.1-3.1.116-1.el8_4.src.rpm

x86_64:
aspnetcore-runtime-3.1-3.1.16-1.el8_4.x86_64.rpm
aspnetcore-targeting-pack-3.1-3.1.16-1.el8_4.x86_64.rpm
dotnet-apphost-pack-3.1-3.1.16-1.el8_4.x86_64.rpm
dotnet-apphost-pack-3.1-debuginfo-3.1.16-1.el8_4.x86_64.rpm
dotnet-hostfxr-3.1-3.1.16-1.el8_4.x86_64.rpm
dotnet-hostfxr-3.1-debuginfo-3.1.16-1.el8_4.x86_64.rpm
dotnet-runtime-3.1-3.1.16-1.el8_4.x86_64.rpm
dotnet-runtime-3.1-debuginfo-3.1.16-1.el8_4.x86_64.rpm
dotnet-sdk-3.1-3.1.116-1.el8_4.x86_64.rpm
dotnet-sdk-3.1-debuginfo-3.1.116-1.el8_4.x86_64.rpm
dotnet-targeting-pack-3.1-3.1.16-1.el8_4.x86_64.rpm
dotnet-templates-3.1-3.1.116-1.el8_4.x86_64.rpm
dotnet3.1-debuginfo-3.1.116-1.el8_4.x86_64.rpm
dotnet3.1-debugsource-3.1.116-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-31957
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: .NET 5.0 security and bugfix update
Advisory ID:       RHSA-2021:2353-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2353
Issue date:        2021-06-08
CVE Names:         CVE-2021-31957 
=====================================================================

1. Summary:

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.204 and .NET Runtime
5.0.7.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1966990 - CVE-2021-31957 dotnet: ASP.NET Core Client Disconnect Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
dotnet5.0-5.0.204-1.el8_4.src.rpm

x86_64:
aspnetcore-runtime-5.0-5.0.7-1.el8_4.x86_64.rpm
aspnetcore-targeting-pack-5.0-5.0.7-1.el8_4.x86_64.rpm
dotnet-5.0.204-1.el8_4.x86_64.rpm
dotnet-apphost-pack-5.0-5.0.7-1.el8_4.x86_64.rpm
dotnet-apphost-pack-5.0-debuginfo-5.0.7-1.el8_4.x86_64.rpm
dotnet-host-5.0.7-1.el8_4.x86_64.rpm
dotnet-host-debuginfo-5.0.7-1.el8_4.x86_64.rpm
dotnet-hostfxr-5.0-5.0.7-1.el8_4.x86_64.rpm
dotnet-hostfxr-5.0-debuginfo-5.0.7-1.el8_4.x86_64.rpm
dotnet-runtime-5.0-5.0.7-1.el8_4.x86_64.rpm
dotnet-runtime-5.0-debuginfo-5.0.7-1.el8_4.x86_64.rpm
dotnet-sdk-5.0-5.0.204-1.el8_4.x86_64.rpm
dotnet-sdk-5.0-debuginfo-5.0.204-1.el8_4.x86_64.rpm
dotnet-targeting-pack-5.0-5.0.7-1.el8_4.x86_64.rpm
dotnet-templates-5.0-5.0.204-1.el8_4.x86_64.rpm
dotnet5.0-debuginfo-5.0.204-1.el8_4.x86_64.rpm
dotnet5.0-debugsource-5.0.204-1.el8_4.x86_64.rpm
netstandard-targeting-pack-2.1-5.0.204-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-31957
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------
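
Added example (not part of the Red Hat advisories or the AusCERT bulletin): a
check of `dotnet --list-runtimes` output against the fixed runtime versions
stated above (.NET Runtime 3.1.16 and 5.0.7). The function names and the sample
listing are assumptions made for illustration; the sample is constructed.

```shell
#!/bin/sh
# Added example: flag shared .NET runtimes older than the fixed releases named
# in the advisories above (.NET Runtime 3.1.16 and .NET Runtime 5.0.7).

# Constructed sample of `dotnet --list-runtimes` output (not from a real host).
SAMPLE_RUNTIMES='Microsoft.AspNetCore.App 3.1.15 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.15 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]
Microsoft.AspNetCore.App 5.0.7 [/usr/lib64/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 5.0.7 [/usr/lib64/dotnet/shared/Microsoft.NETCore.App]'

# Reads `dotnet --list-runtimes` lines on stdin ("<name> <version> [<path>]")
# and prints one line per 3.1 / 5.0 runtime whose patch level is below the fix.
# Other branches are ignored because the advisories do not cover them.
find_unpatched_runtimes() {
  awk '
    BEGIN { fixed["3.1"] = 16; fixed["5.0"] = 7 }   # patch levels from the advisories
    {
      n = split($2, v, ".")
      if (n < 3) next                               # not a major.minor.patch version
      branch = v[1] "." v[2]
      patch = v[3]
      sub(/[^0-9].*/, "", patch)                    # drop any pre-release suffix
      if ((branch in fixed) && patch + 0 < fixed[branch])
        printf "%s %s < %s.%d\n", $1, $2, branch, fixed[branch]
    }'
}

# Succeeds only when stdin lists no unpatched 3.1 / 5.0 runtime.
runtimes_patched() {
  [ -z "$(find_unpatched_runtimes)" ]
}

# Demo on the constructed sample. On a real host:
#   dotnet --list-runtimes | find_unpatched_runtimes
printf '%s\n' "$SAMPLE_RUNTIMES" | find_unpatched_runtimes
```

A process started before the update keeps the old runtime loaded until it is
restarted, and self-contained deployments carry their own runtime copy that
this listing does not show.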

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================