[ubuntu/mantic-proposed] dotnet6 6.0.121-0ubuntu1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Wed Aug 9 00:58:04 UTC 2023


dotnet6 (6.0.121-0ubuntu1) mantic; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-35390: When running some dotnet commands (e.g. dotnet help
      add), dotnet attempts to locate and initiate a new process using
      cmd.exe. However, it prioritizes searching for cmd.exe in the current
      working directory (CWD) before checking other locations. This can
      potentially lead to the execution of malicious code.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
      leak. A malicious QUIC client, that fires off many unidirectional
      streams with closed writing sides. This will bypass the HTTP/3 stream
      limit and Kestrel cannot keep up with stream processing.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38180: Kestrel vulnerability to slow read attacks

Date: Wed, 02 Aug 2023 13:18:55 +0530
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Aug 2023 13:18:55 +0530
Source: dotnet6
Built-For-Profiles: noudeb
Architecture: source
Version: 6.0.121-0ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Changes:
 dotnet6 (6.0.121-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release.
   * SECURITY UPDATE: remote code execution
     - CVE-2023-35390: When running some dotnet commands (e.g. dotnet help
       add), dotnet attempts to locate and initiate a new process using
       cmd.exe. However, it prioritizes searching for cmd.exe in the current
       working directory (CWD) before checking other locations. This can
       potentially lead to the execution of malicious code.
   * SECURITY UPDATE: denial of service
     - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
       leak. A malicious QUIC client, that fires off many unidirectional
       streams with closed writing sides. This will bypass the HTTP/3 stream
       limit and Kestrel cannot keep up with stream processing.
   * SECURITY UPDATE: denial of service
     - CVE-2023-38180: Kestrel vulnerability to slow read attacks

