UbuntuUpdates.org

Package "dotnet-hostfxr-7.0"

Name: dotnet-hostfxr-7.0

Description:

dotNET host resolver

Latest version: 7.0.119-0ubuntu1~22.04.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: dotnet7
Homepage: https://dot.net/core

Links


Download "dotnet-hostfxr-7.0"


Other versions of "dotnet-hostfxr-7.0" in Jammy

Repository Area Version
updates universe 7.0.119-0ubuntu1~22.04.1

Changelog

Version: 7.0.113-0ubuntu1~22.04.1 2023-10-25 07:13:14 UTC

  dotnet7 (7.0.113-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:54:05 +0300

Source diff to previous version
2040208 Update to 7.0.113
CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability

Version: 7.0.112-0ubuntu1~22.04.1 2023-10-10 19:07:12 UTC

  dotnet7 (7.0.112-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.

 -- Ian Constantin <email address hidden> Wed, 04 Oct 2023 23:02:27 +0300

Source diff to previous version

Version: 7.0.111-0ubuntu1~22.04.1 2023-09-12 19:08:09 UTC

  dotnet7 (7.0.111-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.

 -- Ian Constantin <email address hidden> Tue, 05 Sep 2023 17:28:54 +0300

Source diff to previous version

Version: 7.0.110-0ubuntu1~22.04.1 2023-08-10 21:06:56 UTC

  dotnet7 (7.0.110-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help
      add), dotnet attempts to locate and initiate a new process using
      cmd.exe. However, it prioritizes searching for cmd.exe in the current
      working directory (CWD) before checking other locations. This can
      potentially lead to the execution of malicious code.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
      leak. A malicious QUIC client, that fires off many unidirectional
      streams with closed writing sides. This will bypass the HTTP/3 stream
      limit and Kestrel cannot keep up with stream processing.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38180: Kestrel vulnerability to slow read attacks.

  [ Dominik Viererbe ]
  * d/README.source: updated content
    * added support documentation
    * added end of life process documentation
    * general overhaul
  * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620)
  * d/t/essential-binaries-and-config-files-should-be-present:
    remove check if DOTNET_ROOT is set
  * d/watch
    * updated matching-pattern to only match 6.0.1XX releases
    * d/watch file will fail now deliberately. See comment in d/watch
      for more information
  * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and
    updated command line interface

 -- Ian Constantin <email address hidden> Wed, 02 Aug 2023 21:51:14 +0300

Source diff to previous version
CVE-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-38178 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability

Version: 7.0.109-0ubuntu1~22.04.1 2023-07-11 19:06:59 UTC

  dotnet7 (7.0.109-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.
  * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids
    and marked test crossbuild-for-windows-x64-should-run as flaky.
  * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision
    number.

 -- Ian Constantin <email address hidden> Thu, 06 Jul 2023 10:13:23 +0300




About   -   Send Feedback to @ubuntu_updates