Ubuntu alert USN-6773-1 (dotnet7, dotnet8)
| From: | Ian Constantin <ian.constantin@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6773-1] .NET vulnerabilities | |
| Date: | Thu, 16 May 2024 16:58:27 +0300 | |
| Message-ID: | <e88e1124-ef46-46d7-a71e-35868cb3f08c@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6773-1 May 16, 2024 dotnet7, dotnet8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in .NET. Software Description: - dotnet8: .NET CLI tools and runtime - dotnet7: .NET CLI tools and runtime Details: It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. (CVE-2024-30045) It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service. (CVE-2024-30046) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS aspnetcore-runtime-8.0 8.0.5-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.5-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.5-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.5-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.105-0ubuntu1~24.04.1 dotnet8 8.0.105-8.0.5-0ubuntu1~24.04.1 Ubuntu 23.10 aspnetcore-runtime-7.0 7.0.119-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.5-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.119-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.5-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.119-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.5-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.119-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.5-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.119-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.105-0ubuntu1~23.10.1 dotnet7 7.0.119-0ubuntu1~23.10.1 dotnet8 8.0.105-8.0.5-0ubuntu1~23.10.1 Ubuntu 22.04 LTS aspnetcore-runtime-7.0 7.0.119-0ubuntu1~22.04.1 aspnetcore-runtime-8.0 8.0.5-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.119-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.5-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.119-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.5-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.119-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.5-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.119-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.105-0ubuntu1~22.04.1 dotnet7 7.0.119-0ubuntu1~22.04.1 dotnet8 8.0.105-8.0.5-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6773-1 <https://ubuntu.com/security/notices/USN-6773-1> CVE-2024-30045, CVE-2024-30046 Package Information: https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.... <https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0....> https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubu... <https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubu...> https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.... <https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0....> https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubu... <https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubu...> https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.... <https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0....>