<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
==========================================================================
<div class="gmail_quote"> Ubuntu Security Notice USN-6773-1<br>
May 16, 2024<br>
<br>
dotnet7, dotnet8 vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 24.04 LTS<br>
- Ubuntu 23.10<br>
- Ubuntu 22.04 LTS<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in .NET.<br>
<br>
Software Description:<br>
- dotnet8: .NET CLI tools and runtime<br>
- dotnet7: .NET CLI tools and runtime<br>
<br>
Details:<br>
<br>
It was discovered that .NET did not properly handle memory in it's<br>
Double Parse routine. An attacker could possibly use this issue to<br>
achieve remote code execution. (CVE-2024-30045)<br>
<br>
It was discovered that .NET did not properly handle the usage of a<br>
shared resource. An attacker could possibly use this to cause a
dead-lock <br>
condition, resulting in a denial of service. (CVE-2024-30046)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 24.04 LTS<br>
aspnetcore-runtime-8.0 8.0.5-0ubuntu1~24.04.1<br>
dotnet-host-8.0 8.0.5-0ubuntu1~24.04.1<br>
dotnet-hostfxr-8.0 8.0.5-0ubuntu1~24.04.1<br>
dotnet-runtime-8.0 8.0.5-0ubuntu1~24.04.1<br>
dotnet-sdk-8.0 8.0.105-0ubuntu1~24.04.1<br>
dotnet8 8.0.105-8.0.5-0ubuntu1~24.04.<wbr>1<br>
<br>
Ubuntu 23.10<br>
aspnetcore-runtime-7.0 7.0.119-0ubuntu1~23.10.1<br>
aspnetcore-runtime-8.0 8.0.5-0ubuntu1~23.10.1<br>
dotnet-host-7.0 7.0.119-0ubuntu1~23.10.1<br>
dotnet-host-8.0 8.0.5-0ubuntu1~23.10.1<br>
dotnet-hostfxr-7.0 7.0.119-0ubuntu1~23.10.1<br>
dotnet-hostfxr-8.0 8.0.5-0ubuntu1~23.10.1<br>
dotnet-runtime-7.0 7.0.119-0ubuntu1~23.10.1<br>
dotnet-runtime-8.0 8.0.5-0ubuntu1~23.10.1<br>
dotnet-sdk-7.0 7.0.119-0ubuntu1~23.10.1<br>
dotnet-sdk-8.0 8.0.105-0ubuntu1~23.10.1<br>
dotnet7 7.0.119-0ubuntu1~23.10.1<br>
dotnet8 8.0.105-8.0.5-0ubuntu1~23.10.<wbr>1<br>
<br>
Ubuntu 22.04 LTS<br>
aspnetcore-runtime-7.0 7.0.119-0ubuntu1~22.04.1<br>
aspnetcore-runtime-8.0 8.0.5-0ubuntu1~22.04.1<br>
dotnet-host-7.0 7.0.119-0ubuntu1~22.04.1<br>
dotnet-host-8.0 8.0.5-0ubuntu1~22.04.1<br>
dotnet-hostfxr-7.0 7.0.119-0ubuntu1~22.04.1<br>
dotnet-hostfxr-8.0 8.0.5-0ubuntu1~22.04.1<br>
dotnet-runtime-7.0 7.0.119-0ubuntu1~22.04.1<br>
dotnet-runtime-8.0 8.0.5-0ubuntu1~22.04.1<br>
dotnet-sdk-7.0 7.0.119-0ubuntu1~22.04.1<br>
dotnet-sdk-8.0 8.0.105-0ubuntu1~22.04.1<br>
dotnet7 7.0.119-0ubuntu1~22.04.1<br>
dotnet8 8.0.105-8.0.5-0ubuntu1~22.04.<wbr>1<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-6773-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-6773-1&source=gmail&ust=1715954045154000&usg=AOvVaw0nqdeHPsbxq0yOuuMYQ_5H">https://ubuntu.com/security/no<wbr>tices/USN-6773-1</a><br>
CVE-2024-30045, CVE-2024-30046<br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.5-0ubuntu1~24.04.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dotnet8/8.0.105-8.0.5-0ubuntu1~24.04.1&source=gmail&ust=1715954045154000&usg=AOvVaw1aPXMnRy612UdYUla92D7z">https://launchpad.net/ubuntu/+<wbr>source/dotnet8/8.0.105-8.0.5-0<wbr>ubuntu1~24.04.1</a><br>
<a
href="https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubuntu1~23.10.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dotnet7/7.0.119-0ubuntu1~23.10.1&source=gmail&ust=1715954045154000&usg=AOvVaw1HvarZCW-lxMjk5U4AHBJs">https://launchpad.net/ubuntu/+<wbr>source/dotnet7/7.0.119-0ubuntu<wbr>1~23.10.1</a><br>
<a
href="https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.5-0ubuntu1~23.10.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dotnet8/8.0.105-8.0.5-0ubuntu1~23.10.1&source=gmail&ust=1715954045154000&usg=AOvVaw1kR5jXmm4rnShY5WTJ6pkT">https://launchpad.net/ubuntu/+<wbr>source/dotnet8/8.0.105-8.0.5-0<wbr>ubuntu1~23.10.1</a><br>
<a
href="https://launchpad.net/ubuntu/+source/dotnet7/7.0.119-0ubuntu1~22.04.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dotnet7/7.0.119-0ubuntu1~22.04.1&source=gmail&ust=1715954045154000&usg=AOvVaw1JdDRzqiZWEMlrag7n-9m2">https://launchpad.net/ubuntu/+<wbr>source/dotnet7/7.0.119-0ubuntu<wbr>1~22.04.1</a><br>
<a
href="https://launchpad.net/ubuntu/+source/dotnet8/8.0.105-8.0.5-0ubuntu1~22.04.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dotnet8/8.0.105-8.0.5-0ubuntu1~22.04.1&source=gmail&ust=1715954045154000&usg=AOvVaw0KrlyWi6mk8fyEP50oNVhX">https://launchpad.net/ubuntu/+<wbr>source/dotnet8/8.0.105-8.0.5-0<wbr>ubuntu1~22.04.1</a><br>
<br>
</div>
</body>
</html>