Arch Linux alert ASA-202106-37 (aspnet-runtime)
| From: | Santiago Torres-Arias via arch-security <arch-security@lists.archlinux.org> | |
| To: | Archlinux security <arch-security@archlinux.org> | |
| Subject: | [ASA-202106-37] aspnet-runtime: denial of service | |
| Date: | Thu, 17 Jun 2021 12:26:09 -0400 | |
| Message-ID: | <YMt3oQm1A7lwdkhX@LykOS.localdomain> | |
| Cc: | Santiago Torres-Arias <santiago@archlinux.org> |
Arch Linux Security Advisory ASA-202106-37 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-31957 Package : aspnet-runtime Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2046 Summary ======= The package aspnet-runtime before version 5.0.7.sdk204-1 is vulnerable to denial of service. Resolution ========== Upgrade to 5.0.7.sdk204-1. # pacman -Syu "aspnet-runtime>=5.0.7.sdk204-1" The problem has been fixed upstream in version 5.0.7.sdk204. Workaround ========== None. Description =========== A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET. Impact ====== A remote attacker could crash an ASP.NET application. References ========== https://msrc.microsoft.com/update-guide/en-US/vulnerabili... https://github.com/dotnet/announcements/issues/189 https://security.archlinux.org/CVE-2021-31957