USN-6438-2

Details

USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem.

Original advisory details:

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799)

It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)

Affected Packages

dotnet6

Ubuntu 23.10

Fixed in:

6.0.124-0ubuntu1~23.10.1

dotnet7

Ubuntu 23.10

Fixed in:

7.0.113-0ubuntu1~23.10.1

References

REPORT

https://launchpad.net/bugs/2040207

REPORT

https://launchpad.net/bugs/2040208

REPORT

https://ubuntu.com/security/CVE-2023-36799

ADVISORY

https://ubuntu.com/security/notices/USN-6438-2