Executive Summary

Summary
Title.NET Core on Red Hat Enterprise Linux security update
Informations
NameRHSA-2019:0040First vendor Publication2019-01-09
VendorRedHatLast vendor Modification2019-01-09
Severity (Vendor) N/ARevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)

* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)

* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2019-0040.html

CWE : Common Weakness Enumeration

%idName
67 %CWE-19Data Handling
33 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application11
Application2
Os6
Os1
Os1
Os1
Os2
Os4
Os2
Os2
Os1

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-01-15 00:21:09
  • Multiple Updates
2019-01-12 00:21:08
  • Multiple Updates
2019-01-10 13:19:08
  • First insertion