This bug was fixed in the package dotnet8 -
8.0.110-8.0.10-0ubuntu1~22.04.1
---------------
dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium
* New upstream release
* SECURITY UPDATE: remote code execution
- CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
application code is writing to the response body, a race condition may
lead to remote code execution.
* SECURITY UPDATE: denial of service
- CVE-2024-43483: Multiple .NET components designed to process hostile
input are susceptible to hash flooding attacks.
* SECURITY UPDATE: denial of service
- CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
SortedList.
* SECURITY UPDATE: denial of service
- CVE-2024-43485: Denial of Service attack against System.Text.Json
ExtensionData feature.
-- Ian Constantin <ian.constan...@canonical.com> Wed, 02 Oct 2024
09:54:14 +0300
** Changed in: dotnet8 (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38229
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-43483
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-43484
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-43485
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2080023
Title:
[SRU] Enable s390x and ppc64el for .NET 8 on Jammy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet8/+bug/2080023/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
