USN-6362-1

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service.

References

Affected packages

Ubuntu:22.04:LTS / dotnet6

Package

Name: dotnet6
Purl: pkg:deb/ubuntu/dotnet6@6.0.122-0ubuntu1~22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.122-0ubuntu1~22.04.1

Affected versions

6.*

6.0.108-0ubuntu1~22.04.1

6.0.109-0ubuntu1~22.04.1

6.0.110-0ubuntu1~22.04.1

6.0.111-0ubuntu1~22.04.1

6.0.113-0ubuntu1~22.04.1

6.0.116-0ubuntu1~22.04.1

6.0.118-0ubuntu1~22.04.1

6.0.119-0ubuntu1~22.04.1

6.0.120-0ubuntu1~22.04.1

6.0.121-0ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "aspnetcore-runtime-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "aspnetcore-targeting-pack-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-apphost-pack-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-host"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-hostfxr-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-runtime-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-sdk-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-sdk-6.0-source-built-artifacts"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-targeting-pack-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet-templates-6.0"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "dotnet6"
        },
        {
            "binary_version": "6.0.122-0ubuntu1~22.04.1",
            "binary_name": "netstandard-targeting-pack-2.1"
        }
    ]
}

Database specific

{
    "cves_map": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "cves": [
            {
                "id": "CVE-2023-36799",
                "severity": [
                    {
                        "type": "CVSS_V3",
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                    },
                    {
                        "type": "CVSS_V3",
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                    },
                    {
                        "type": "Ubuntu",
                        "score": "medium"
                    }
                ]
            }
        ]
    }
}

Ubuntu:22.04:LTS / dotnet7

Package

Name: dotnet7
Purl: pkg:deb/ubuntu/dotnet7@7.0.111-0ubuntu1~22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.111-0ubuntu1~22.04.1

Affected versions

7.*

7.0.105-0ubuntu1~22.04.1

7.0.107-0ubuntu1~22.04.1

7.0.108-0ubuntu1~22.04.1

7.0.109-0ubuntu1~22.04.1

7.0.110-0ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "aspnetcore-runtime-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "aspnetcore-targeting-pack-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-apphost-pack-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-host-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-hostfxr-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-runtime-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-sdk-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-sdk-7.0-source-built-artifacts"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-targeting-pack-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet-templates-7.0"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "dotnet7"
        },
        {
            "binary_version": "7.0.111-0ubuntu1~22.04.1",
            "binary_name": "netstandard-targeting-pack-2.1-7.0"
        }
    ]
}

Database specific

{
    "cves_map": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "cves": [
            {
                "id": "CVE-2023-36799",
                "severity": [
                    {
                        "type": "CVSS_V3",
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                    },
                    {
                        "type": "CVSS_V3",
                        "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                    },
                    {
                        "type": "Ubuntu",
                        "score": "medium"
                    }
                ]
            }
        ]
    }
}