USN-6217-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-6217-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6217-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6217-1
- Related
- Published
- 2023-07-11T19:31:45.628698Z
- Modified
- 2023-07-11T19:31:45.628698Z
- Summary
- dotnet6, dotnet7 vulnerability
- Details
-
McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.
- References
Affected packages
Ubuntu:22.04:LTS / dotnet6
Package
- Name
- dotnet6
- Purl
- pkg:deb/ubuntu/dotnet6?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.120-0ubuntu1~22.04.1
Affected versions
6.*
6.0.108-0ubuntu1~22.04.1
6.0.109-0ubuntu1~22.04.1
6.0.110-0ubuntu1~22.04.1
6.0.111-0ubuntu1~22.04.1
6.0.113-0ubuntu1~22.04.1
6.0.116-0ubuntu1~22.04.1
6.0.118-0ubuntu1~22.04.1
6.0.119-0ubuntu1~22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-runtime-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-targeting-pack-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-apphost-pack-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-apphost-pack-6.0-dbgsym"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-host"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-host-dbgsym"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-hostfxr-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-hostfxr-6.0-dbgsym"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-6.0-dbgsym"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-6.0-dbgsym"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-6.0-source-built-artifacts"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-targeting-pack-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet-templates-6.0"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "dotnet6"
},
{
"binary_version": "6.0.120-0ubuntu1~22.04.1",
"binary_name": "netstandard-targeting-pack-2.1"
}
]
}
Ubuntu:22.04:LTS / dotnet7
Package
- Name
- dotnet7
- Purl
- pkg:deb/ubuntu/dotnet7?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.109-0ubuntu1~22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-runtime-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "aspnetcore-targeting-pack-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-apphost-pack-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-apphost-pack-7.0-dbgsym"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-host-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-host-7.0-dbgsym"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-hostfxr-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-hostfxr-7.0-dbgsym"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-runtime-7.0-dbgsym"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-7.0-dbgsym"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-sdk-7.0-source-built-artifacts"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-targeting-pack-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet-templates-7.0"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "dotnet7"
},
{
"binary_version": "7.0.109-0ubuntu1~22.04.1",
"binary_name": "netstandard-targeting-pack-2.1-7.0"
}
]
}