RLSA-2024:2842

Security

Mirrored from RHSA-2024:2842

Issued at: 2024-06-14

Updated at: 2024-06-14

Synopsis

Important: .NET 8.0 security update

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.

Security Fix(es):

* dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)

* dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2279695

2279697

CVEs

CVE-2024-30045

CVE-2024-30046

Affected packages

Rocky Linux 9 aarch64 - AppStream

aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.aarch64.rpm

aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.aarch64.rpm

aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-apphost-pack-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-apphost-pack-8.0-debuginfo-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-host-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-host-debuginfo-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-hostfxr-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-hostfxr-8.0-debuginfo-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-runtime-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-runtime-8.0-debuginfo-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-runtime-dbg-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-sdk-8.0-0:8.0.105-1.el9_4.aarch64.rpm

dotnet-sdk-8.0-debuginfo-0:8.0.105-1.el9_4.aarch64.rpm

dotnet-sdk-dbg-8.0-0:8.0.105-1.el9_4.aarch64.rpm

dotnet-targeting-pack-8.0-0:8.0.5-1.el9_4.aarch64.rpm

dotnet-templates-8.0-0:8.0.105-1.el9_4.aarch64.rpm

netstandard-targeting-pack-2.1-0:8.0.105-1.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-apphost-pack-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-apphost-pack-8.0-debuginfo-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-host-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-host-debuginfo-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-hostfxr-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-hostfxr-8.0-debuginfo-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-runtime-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-runtime-8.0-debuginfo-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-runtime-dbg-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-sdk-8.0-0:8.0.105-1.el9_4.ppc64le.rpm

dotnet-sdk-8.0-debuginfo-0:8.0.105-1.el9_4.ppc64le.rpm

dotnet-sdk-dbg-8.0-0:8.0.105-1.el9_4.ppc64le.rpm

dotnet-targeting-pack-8.0-0:8.0.5-1.el9_4.ppc64le.rpm

dotnet-templates-8.0-0:8.0.105-1.el9_4.ppc64le.rpm

netstandard-targeting-pack-2.1-0:8.0.105-1.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.s390x.rpm

aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.s390x.rpm

aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-apphost-pack-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet-apphost-pack-8.0-debuginfo-0:8.0.5-1.el9_4.s390x.rpm

dotnet-host-0:8.0.5-1.el9_4.s390x.rpm

dotnet-host-debuginfo-0:8.0.5-1.el9_4.s390x.rpm

dotnet-hostfxr-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet-hostfxr-8.0-debuginfo-0:8.0.5-1.el9_4.s390x.rpm

dotnet-runtime-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet-runtime-8.0-debuginfo-0:8.0.5-1.el9_4.s390x.rpm

dotnet-runtime-dbg-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet-sdk-8.0-0:8.0.105-1.el9_4.s390x.rpm

dotnet-sdk-8.0-debuginfo-0:8.0.105-1.el9_4.s390x.rpm

dotnet-sdk-dbg-8.0-0:8.0.105-1.el9_4.s390x.rpm

dotnet-targeting-pack-8.0-0:8.0.5-1.el9_4.s390x.rpm

dotnet-templates-8.0-0:8.0.105-1.el9_4.s390x.rpm

netstandard-targeting-pack-2.1-0:8.0.105-1.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

aspnetcore-runtime-8.0-0:8.0.5-1.el9_4.x86_64.rpm

aspnetcore-runtime-dbg-8.0-0:8.0.5-1.el9_4.x86_64.rpm

aspnetcore-targeting-pack-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-apphost-pack-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-apphost-pack-8.0-debuginfo-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-host-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-host-debuginfo-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-hostfxr-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-hostfxr-8.0-debuginfo-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-runtime-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-runtime-8.0-debuginfo-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-runtime-dbg-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-sdk-8.0-0:8.0.105-1.el9_4.x86_64.rpm

dotnet-sdk-8.0-debuginfo-0:8.0.105-1.el9_4.x86_64.rpm

dotnet-sdk-dbg-8.0-0:8.0.105-1.el9_4.x86_64.rpm

dotnet-targeting-pack-8.0-0:8.0.5-1.el9_4.x86_64.rpm

dotnet-templates-8.0-0:8.0.105-1.el9_4.x86_64.rpm

netstandard-targeting-pack-2.1-0:8.0.105-1.el9_4.x86_64.rpm

Rocky Linux 9 x86_64 - CRB

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-sdk-8.0-source-built-artifacts-0:8.0.105-1.el9_4.x86_64.rpm

Rocky Linux 9 aarch64 - CRB

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-sdk-8.0-source-built-artifacts-0:8.0.105-1.el9_4.aarch64.rpm

Rocky Linux 9 s390x - CRB

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-sdk-8.0-source-built-artifacts-0:8.0.105-1.el9_4.s390x.rpm

Rocky Linux 9 ppc64le - CRB

dotnet8.0-0:8.0.105-1.el9_4.src.rpm

dotnet-sdk-8.0-source-built-artifacts-0:8.0.105-1.el9_4.ppc64le.rpm