RedHat: RHSA-2019-0544:01 Important: .NET Core on Red Hat Enterprise Linux

    Date13 Mar 2019
    CategoryRed Hat
    416
    Posted ByLinuxSecurity Advisories
    Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: .NET Core on Red Hat Enterprise Linux security update for March 2019
    Advisory ID:       RHSA-2019:0544-01
    Product:           .NET Core on Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0544
    Issue date:        2019-03-13
    CVE Names:         CVE-2019-0757 
    =====================================================================
    
    1. Summary:
    
    Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,
    rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core
    on Red Hat Enterprise Linux.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
    
    3. Description:
    
    .NET Core is a managed-software framework. It implements the .NET standard
    APIs and several additional APIs, and it includes a CLR implementation.
    
    New versions of .NET Core that address security vulnerabilities are now
    available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and
    2.2.3.
    
    Security Fix(es):
    
    * A tampering vulnerability exists in NuGet software when executed in a
    Linux or Mac environment. (CVE-2019-0757)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    For more information, please refer to the upstream doc in the References
    section.
    
    4. Solution:
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability
    1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105
    1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505
    
    6. Package List:
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet21-2.1-8.el7.src.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-8.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    rh-dotnet22-2.2-4.el7.src.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-4.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet21-2.1-8.el7.src.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-8.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-dotnet22-2.2-4.el7.src.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-4.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm
    rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
    
    x86_64:
    rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm
    rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet21-2.1-8.el7.src.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
    
    x86_64:
    rh-dotnet21-2.1-8.el7.x86_64.rpm
    rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm
    rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
    
    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-dotnet22-2.2-4.el7.src.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
    
    x86_64:
    rh-dotnet22-2.2-4.el7.x86_64.rpm
    rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm
    rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-0757
    https://access.redhat.com/security/updates/classification/#important
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN
    jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz
    csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt
    Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC
    sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM
    Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu
    tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg
    ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A
    eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r
    LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1
    35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR
    FvFvp8/nSm4=
    =KwTi
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    In your opinion, what is the biggest advantage associated with choosing open-source software/products?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote
    8
    radio
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.