[ubuntu/noble-updates] dotnet8 8.0.110-8.0.10-0ubuntu1~24.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Oct 8 18:35:46 UTC 2024
dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium
* New upstream release
* SECURITY UPDATE: remote code execution
- CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
application code is writing to the response body, a race condition may
lead to remote code execution.
* SECURITY UPDATE: denial of service
- CVE-2024-43483: Multiple .NET components designed to process hostile
input are susceptible to hash flooding attacks.
* SECURITY UPDATE: denial of service
- CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
SortedList.
* SECURITY UPDATE: denial of service
- CVE-2024-43485: Denial of Service attack against System.Text.Json
ExtensionData feature.
Date: 2024-10-02 21:30:12.278266+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~24.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list