USN-6693-1: .NET vulnerability

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS

Packages

• dotnet7 - .NET CLI tools and runtime
• dotnet8 - .NET CLI tools and runtime

Details

It was discovered that .NET did not properly handle certain specially
crafted requests. An attacker could potentially use this issue to cause
a resource leak, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• aspnetcore-runtime-7.0 - 7.0.117-0ubuntu1~23.10.1
• aspnetcore-runtime-8.0 - 8.0.3-0ubuntu1~23.10.1
• dotnet-runtime-7.0 - 7.0.117-0ubuntu1~23.10.1
• dotnet-runtime-8.0 - 8.0.3-0ubuntu1~23.10.1
• dotnet7 - 7.0.117-0ubuntu1~23.10.1
• dotnet8 - 8.0.103-8.0.3-0ubuntu1~23.10.1

Ubuntu 22.04

• aspnetcore-runtime-7.0 - 7.0.117-0ubuntu1~22.04.1
• aspnetcore-runtime-8.0 - 8.0.3-0ubuntu1~22.04.1
• dotnet-runtime-7.0 - 7.0.117-0ubuntu1~22.04.1
• dotnet-runtime-8.0 - 8.0.3-0ubuntu1~22.04.1
• dotnet7 - 7.0.117-0ubuntu1~22.04.1
• dotnet8 - 8.0.103-8.0.3-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2024-21392