UbuntuUpdates.org

Package "dotnet-runtime-7.0"

Name: dotnet-runtime-7.0

Description:

dotNET runtime
Latest version: 7.0.115-0ubuntu1~23.04.1
Release: lunar (23.04)
Level: updates
Repository: universe
Head package: dotnet7
Homepage: https://dot.net/core

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet-runtime-7.0"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet-runtime-7.0" in Lunar

Repository Area Version
base universe 7.0.105-0ubuntu2
security universe 7.0.115-0ubuntu1~23.04.1

Changelog

Version: 7.0.115-0ubuntu1~23.04.1 2024-01-11 17:06:49 UTC

  dotnet7 (7.0.115-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:09:14 +0200
Source diff to previous version
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2024-21319 Microsoft Identity Denial of service vulnerability

Version: 7.0.114-0ubuntu1~23.04.1 2023-11-14 22:07:14 UTC

  dotnet7 (7.0.114-0ubuntu1~23.04.1) lunar-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:20 +0200
Source diff to previous version

Version: 7.0.113-0ubuntu1~23.04.1 2023-10-25 07:13:17 UTC

  dotnet7 (7.0.113-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:54:01 +0300
Source diff to previous version
2040208 Update to 7.0.113
CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability

Version: 7.0.112-0ubuntu1~23.04.1 2023-10-10 20:07:03 UTC

  dotnet7 (7.0.112-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.

 -- Ian Constantin <email address hidden> Wed, 04 Oct 2023 23:02:30 +0300
Source diff to previous version

Version: 7.0.111-0ubuntu1~23.04.1 2023-09-12 21:09:13 UTC

  dotnet7 (7.0.111-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.

 -- Ian Constantin <email address hidden> Tue, 05 Sep 2023 17:28:59 +0300
CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability


About   -   Send Feedback to @ubuntu_updates