1. Ubuntu Security Notices
  2. USN-6578-1

USN-6578-1: .NET vulnerabilities

Publication date

11 January 2024

Overview

Several security issues were fixed in dotnet6, dotnet7, and dotnet8.

Releases

Packages

  • dotnet6 - dotNET CLI tools and runtime
  • dotnet7 - dotNET CLI tools and runtime
  • dotnet8 - dotNET CLI tools and runtime

Details

Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)

Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)

Vishal Mishra and Anita Gaud discovered that .NET did not properly
validate X.509 certificates with malformed signatures. An attacker
could possibly use this issue to bypass an application’s typical
authentication logic.
(CVE-2024-0057)

Morgan Brown discovered that .NET did not properly handle requests from
unauthenticated clients. An attacker could possibly use this issue to
cause a denial of service.
(CVE-2024-21319)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.10 mantic aspnetcore-runtime-6.0 –  6.0.126-0ubuntu1~23.10.1
aspnetcore-runtime-7.0 –  7.0.115-0ubuntu1~23.10.1
aspnetcore-runtime-8.0 –  8.0.1-0ubuntu1~23.10.1
dotnet-host –  6.0.126-0ubuntu1~23.10.1
dotnet-host-7.0 –  7.0.115-0ubuntu1~23.10.1
dotnet-host-8.0 –  8.0.1-0ubuntu1~23.10.1
dotnet-hostfxr-6.0 –  6.0.126-0ubuntu1~23.10.1
dotnet-hostfxr-7.0 –  7.0.115-0ubuntu1~23.10.1
dotnet-hostfxr-8.0 –  8.0.1-0ubuntu1~23.10.1
dotnet-runtime-6.0 –  6.0.126-0ubuntu1~23.10.1
dotnet-runtime-7.0 –  7.0.115-0ubuntu1~23.10.1
dotnet-runtime-8.0 –  8.0.1-0ubuntu1~23.10.1
dotnet-sdk-6.0 –  6.0.126-0ubuntu1~23.10.1
dotnet-sdk-7.0 –  7.0.115-0ubuntu1~23.10.1
dotnet-sdk-8.0 –  8.0.101-0ubuntu1~23.10.1
dotnet6 –  6.0.126-0ubuntu1~23.10.1
dotnet7 –  7.0.115-0ubuntu1~23.10.1
dotnet8 –  8.0.101-8.0.1-0ubuntu1~23.10.1
23.04 lunar aspnetcore-runtime-6.0 –  6.0.126-0ubuntu1~23.04.1
aspnetcore-runtime-7.0 –  7.0.115-0ubuntu1~23.04.1
dotnet-host –  6.0.126-0ubuntu1~23.04.1
dotnet-host-7.0 –  7.0.115-0ubuntu1~23.04.1
dotnet-hostfxr-6.0 –  6.0.126-0ubuntu1~23.04.1
dotnet-hostfxr-7.0 –  7.0.115-0ubuntu1~23.04.1
dotnet-runtime-6.0 –  6.0.126-0ubuntu1~23.04.1
dotnet-runtime-7.0 –  7.0.115-0ubuntu1~23.04.1
dotnet-sdk-6.0 –  6.0.126-0ubuntu1~23.04.1
dotnet-sdk-7.0 –  7.0.115-0ubuntu1~23.04.1
dotnet6 –  6.0.126-0ubuntu1~23.04.1
dotnet7 –  7.0.115-0ubuntu1~23.04.1
22.04 jammy aspnetcore-runtime-6.0 –  6.0.126-0ubuntu1~22.04.1
aspnetcore-runtime-7.0 –  7.0.115-0ubuntu1~22.04.1
dotnet-host –  6.0.126-0ubuntu1~22.04.1
dotnet-host-7.0 –  7.0.115-0ubuntu1~22.04.1
dotnet-hostfxr-6.0 –  6.0.126-0ubuntu1~22.04.1
dotnet-hostfxr-7.0 –  7.0.115-0ubuntu1~22.04.1
dotnet-runtime-6.0 –  6.0.126-0ubuntu1~22.04.1
dotnet-runtime-7.0 –  7.0.115-0ubuntu1~22.04.1
dotnet-sdk-6.0 –  6.0.126-0ubuntu1~22.04.1
dotnet-sdk-7.0 –  7.0.115-0ubuntu1~22.04.1
dotnet6 –  6.0.126-0ubuntu1~22.04.1
dotnet7 –  7.0.115-0ubuntu1~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›