USN-6427-1: .NET vulnerability
10 October 2023
.NET could be made to crash if it received specially crafted network traffic.
Releases
Packages
Details
It was discovered that the .NET Kestrel web server did not properly handle
HTTP/2 requests. A remote attacker could possibly use this issue to cause a
denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
-
aspnetcore-runtime-6.0
-
6.0.123-0ubuntu1~23.04.1
-
aspnetcore-runtime-7.0
-
7.0.112-0ubuntu1~23.04.1
-
dotnet-host
-
6.0.123-0ubuntu1~23.04.1
-
dotnet-host-7.0
-
7.0.112-0ubuntu1~23.04.1
-
dotnet-hostfxr-6.0
-
6.0.123-0ubuntu1~23.04.1
-
dotnet-hostfxr-7.0
-
7.0.112-0ubuntu1~23.04.1
-
dotnet-runtime-6.0
-
6.0.123-0ubuntu1~23.04.1
-
dotnet-runtime-7.0
-
7.0.112-0ubuntu1~23.04.1
-
dotnet-sdk-6.0
-
6.0.123-0ubuntu1~23.04.1
-
dotnet-sdk-7.0
-
7.0.112-0ubuntu1~23.04.1
-
dotnet6
-
6.0.123-0ubuntu1~23.04.1
-
dotnet7
-
7.0.112-0ubuntu1~23.04.1
Ubuntu 22.04
-
aspnetcore-runtime-6.0
-
6.0.123-0ubuntu1~22.04.1
-
aspnetcore-runtime-7.0
-
7.0.112-0ubuntu1~22.04.1
-
dotnet-host
-
6.0.123-0ubuntu1~22.04.1
-
dotnet-host-7.0
-
7.0.112-0ubuntu1~22.04.1
-
dotnet-hostfxr-6.0
-
6.0.123-0ubuntu1~22.04.1
-
dotnet-hostfxr-7.0
-
7.0.112-0ubuntu1~22.04.1
-
dotnet-runtime-6.0
-
6.0.123-0ubuntu1~22.04.1
-
dotnet-runtime-7.0
-
7.0.112-0ubuntu1~22.04.1
-
dotnet-sdk-6.0
-
6.0.123-0ubuntu1~22.04.1
-
dotnet-sdk-7.0
-
7.0.112-0ubuntu1~22.04.1
-
dotnet6
-
6.0.123-0ubuntu1~22.04.1
-
dotnet7
-
7.0.112-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6427-2: dotnet-targeting-pack-8.0, dotnet-apphost-pack-8.0, dotnet-sdk-8.0-source-built-artifacts, aspnetcore-targeting-pack-8.0, dotnet-sdk-8.0, dotnet-templates-8.0, dotnet8, aspnetcore-runtime-8.0, dotnet-host-8.0, dotnet-runtime-8.0, dotnet-hostfxr-8.0, netstandard-targeting-pack-2.1-8.0
- USN-6438-1: dotnet-targeting-pack-7.0, dotnet-apphost-pack-6.0, aspnetcore-targeting-pack-7.0, dotnet-sdk-7.0-source-built-artifacts, netstandard-targeting-pack-2.1-7.0, netstandard-targeting-pack-2.1, dotnet-sdk-7.0, dotnet-sdk-6.0, dotnet-hostfxr-6.0, dotnet-templates-7.0, aspnetcore-runtime-7.0, dotnet7, dotnet-hostfxr-7.0, dotnet-targeting-pack-6.0, dotnet-runtime-6.0, dotnet-templates-6.0, dotnet-host, aspnetcore-targeting-pack-6.0, dotnet-host-7.0, aspnetcore-runtime-6.0, dotnet-apphost-pack-7.0, dotnet6, dotnet-runtime-7.0, dotnet-sdk-6.0-source-built-artifacts
- USN-6505-1: libnghttp2-doc, nghttp2-client, nghttp2, nghttp2-proxy, libnghttp2-dev, libnghttp2-14, nghttp2-server
- USN-6574-1: golang-1.21-go, golang-1.21-doc, golang-1.20-doc, golang-1.21-src, golang-1.20, golang-1.21, golang-1.20-src, golang-1.20-go
- USN-6754-1: libnghttp2-doc, nghttp2-client, nghttp2, nghttp2-proxy, libnghttp2-dev, libnghttp2-14, nghttp2-server
- USN-6994-1: libnetty-java, netty
- USN-7067-1: haproxy-doc, haproxy, vim-haproxy