USN-6427-1: .NET vulnerability

Packages

dotnet6 - dotNET CLI tools and runtime
dotnet7 - dotNET CLI tools and runtime

Details

It was discovered that the .NET Kestrel web server did not properly handle
HTTP/2 requests. A remote attacker could possibly use this issue to cause a
denial of service.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
23.04 lunar	aspnetcore-runtime-6.0 – 6.0.123-0ubuntu1~23.04.1
	aspnetcore-runtime-7.0 – 7.0.112-0ubuntu1~23.04.1
	dotnet-host – 6.0.123-0ubuntu1~23.04.1
	dotnet-host-7.0 – 7.0.112-0ubuntu1~23.04.1
	dotnet-hostfxr-6.0 – 6.0.123-0ubuntu1~23.04.1
	dotnet-hostfxr-7.0 – 7.0.112-0ubuntu1~23.04.1
	dotnet-runtime-6.0 – 6.0.123-0ubuntu1~23.04.1
	dotnet-runtime-7.0 – 7.0.112-0ubuntu1~23.04.1
	dotnet-sdk-6.0 – 6.0.123-0ubuntu1~23.04.1
	dotnet-sdk-7.0 – 7.0.112-0ubuntu1~23.04.1
	dotnet6 – 6.0.123-0ubuntu1~23.04.1
	dotnet7 – 7.0.112-0ubuntu1~23.04.1
22.04 jammy	aspnetcore-runtime-6.0 – 6.0.123-0ubuntu1~22.04.1
	aspnetcore-runtime-7.0 – 7.0.112-0ubuntu1~22.04.1
	dotnet-host – 6.0.123-0ubuntu1~22.04.1
	dotnet-host-7.0 – 7.0.112-0ubuntu1~22.04.1
	dotnet-hostfxr-6.0 – 6.0.123-0ubuntu1~22.04.1
	dotnet-hostfxr-7.0 – 7.0.112-0ubuntu1~22.04.1
	dotnet-runtime-6.0 – 6.0.123-0ubuntu1~22.04.1
	dotnet-runtime-7.0 – 7.0.112-0ubuntu1~22.04.1
	dotnet-sdk-6.0 – 6.0.123-0ubuntu1~22.04.1
	dotnet-sdk-7.0 – 7.0.112-0ubuntu1~22.04.1
	dotnet6 – 6.0.123-0ubuntu1~22.04.1
	dotnet7 – 7.0.112-0ubuntu1~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2023-44487

CVE-2023-44487

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices