USN-6278-2: .NET vulnerabilities

10 August 2023

Several security issues were fixed in .NET.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • dotnet6 - dotNET CLI tools and runtime
  • dotnet7 - dotNET CLI tools and runtime

Details

USN-6278-1 fixed several vulnerabilities in .NET. This update
provides the corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that .NET did properly handle the execution of
certain commands. An attacker could possibly use this issue to
achieve remote code execution. (CVE-2023-35390)

Benoit Foucher discovered that .NET did not properly implement the
QUIC stream limit in HTTP/3. An attacker could possibly use this
issue to cause a denial of service. (CVE-2023-38178)

It was discovered that .NET did not properly handle the disconnection
of potentially malicious clients interfacing with a Kestrel server. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-38180)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Related notices