<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>==============================<span class="sewb1rc8wc2ds08"></span><span
        class="sewb1rc8wc2ds08"></span>============================================<br>
      Ubuntu Security Notice USN-6278-1<br>
      August 08, 2023<br>
      <br>
      dotnet6, dotnet7 vulnerabilities<br>
==========================================================================<br>
      <br>
      A security issue affects these releases of Ubuntu and its
      derivatives:<br>
      <br>
      - Ubuntu 23.04<br>
      <br>
      Summary:<br>
      <br>
      Several security issues were fixed in .NET.<br>
      <br>
      Software Description:<br>
      - dotnet6: dotNET CLI tools and runtime<br>
      - dotnet7: dotNET CLI tools and runtime<br>
      <br>
      Details:<br>
      <br>
      It was discovered that .NET did not properly handle the execution
      of<br>
      certain commands. An attacker could possibly use this issue to<br>
      achieve remote code execution. (CVE-2023-35390)<br>
      <br>
      Benoit Foucher discovered that .NET did not properly implement the<br>
      QUIC stream limit in HTTP/3. An attacker could possibly use this<br>
      issue to cause a denial of service. (CVE-2023-38178)<br>
      <br>
      It was discovered that .NET did not properly handle the
      disconnection<br>
      of potentially malicious clients interfacing with a Kestrel
      server. An<br>
      attacker could possibly use this issue to cause a denial of
      service.<br>
      (CVE-2023-38180)<br>
      <br>
      Update instructions:<br>
      <br>
      The problem can be corrected by updating your system to the
      following<br>
      package versions:<br>
      <br>
      Ubuntu 23.04:<br>
         aspnetcore-runtime-6.0          6.0.121-0ubuntu1~23.04.1<br>
         aspnetcore-runtime-7.0          7.0.110-0ubuntu1~23.04.1<br>
         dotnet-host                            
      6.0.121-0ubuntu1~23.04.1<br>
         dotnet-host-7.0                       7.0.110-0ubuntu1~23.04.1<br>
         dotnet-hostfxr-6.0                   6.0.121-0ubuntu1~23.04.1<br>
         dotnet-hostfxr-7.0                   7.0.110-0ubuntu1~23.04.1<br>
         dotnet-runtime-6.0                  6.0.121-0ubuntu1~23.04.1<br>
         dotnet-runtime-7.0                  7.0.110-0ubuntu1~23.04.1<br>
         dotnet-sdk-6.0                        6.0.121-0ubuntu1~23.04.1<br>
         dotnet-sdk-7.0                        7.0.110-0ubuntu1~23.04.1<br>
         dotnet6                                  
      6.0.121-0ubuntu1~23.04.1<br>
         dotnet7                                  
      7.0.110-0ubuntu1~23.04.1<br>
      <br>
      In general, a standard system update will make all the necessary
      changes.<br>
      <br>
      References:<br>
         <a class="moz-txt-link-freetext" href="https://ubuntu.com/security/notices/USN-6278-1">https://ubuntu.com/security/notices/USN-6278-1</a><br>
         CVE-2023-35390, CVE-2023-38178, CVE-2023-38180<br>
      <br>
      Package Information:<br>
<a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~23.04.1">https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~23.04.1</a><br>
<a class="moz-txt-link-freetext" href="https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~23.04.1">https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~23.04.1</a></p>
  </body>
</html>