[ubuntu/jammy-updates] dotnet7 7.0.110-0ubuntu1~22.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Aug 10 19:30:23 UTC 2023
dotnet7 (7.0.110-0ubuntu1~22.04.1) jammy-security; urgency=medium
* New upstream release.
* SECURITY UPDATE: remote code exection
- CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help
add), dotnet attempts to locate and initiate a new process using
cmd.exe. However, it prioritizes searching for cmd.exe in the current
working directory (CWD) before checking other locations. This can
potentially lead to the execution of malicious code.
* SECURITY UPDATE: denial of service
- CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
leak. A malicious QUIC client, that fires off many unidirectional
streams with closed writing sides. This will bypass the HTTP/3 stream
limit and Kestrel cannot keep up with stream processing.
* SECURITY UPDATE: denial of service
- CVE-2023-38180: Kestrel vulnerability to slow read attacks.
[ Dominik Viererbe ]
* d/README.source: updated content
* added support documentation
* added end of life process documentation
* general overhaul
* d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620)
* d/t/essential-binaries-and-config-files-should-be-present:
remove check if DOTNET_ROOT is set
* d/watch
* updated matching-pattern to only match 6.0.1XX releases
* d/watch file will fail now deliberately. See comment in d/watch
for more information
* unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and
updated command line interface
Date: 2023-08-03 11:34:09.166723+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~22.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list