You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa .NET Core

Sigurnosni nedostatak programskog paketa .NET Core

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update
Advisory ID: RHSA-2018:3676-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676
Issue date: 2018-11-27
CVE Names: CVE-2018-8416
=====================================================================

1. Summary:

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) – x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) – x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

.NET Core is a managed software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.

A new version of .NET Core that addresses a security vulnerability is now
available. The updated version is .NET Core 2.1.5.

Security Fix(es):

* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)

For more information, please refer to the upstream docs in the References
section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1649693 – CVE-2018-8416 .NET Core: Arbitrary file and directory creation

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64:
rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64:
rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64:
rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-8416
https://access.redhat.com/security/updates/classification/#moderate
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6
8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK
p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA
gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh
ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy
gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l
t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3
rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9
lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2
GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4
W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC
uuianWdqhaI=
=i2VD
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke Libav

Otkriven je sigurnosni nedostatak programske biblioteke Libav za operacijski sustav Gentoo. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izazivanje DoS stanja...

Close