USN-6438-2

Details

USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem.

Original advisory details:

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799)

It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)

Affected Packages

Ubuntu:23.10dotnet6

Fixed in:

6.0.124-0ubuntu1~23.10.1

Ubuntu:23.10dotnet7

Fixed in:

7.0.113-0ubuntu1~23.10.1

References

REPORThttps://launchpad.net/bugs/2040207 REPORThttps://launchpad.net/bugs/2040208 REPORThttps://ubuntu.com/security/CVE-2023-36799 ADVISORYhttps://ubuntu.com/security/notices/USN-6438-2

USN-6438-2

Details

Affected Packages

References

Related

Ecosystems

Timeline