USN-6773-1

Source
https://ubuntu.com/security/notices/USN-6773-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6773-1.json
Related
  • CVE-2024-30045
  • CVE-2024-30046
Published
2024-05-15T14:34:38.383081Z
Modified
2024-05-16T13:40:01.250546Z
Summary
dotnet7, dotnet8 vulnerabilities
Details

It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. (CVE-2024-30045)

It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service. (CVE-2024-30046)

References

Affected packages

Ubuntu:22.04:LTS / dotnet7

Package

Name
dotnet7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.0.119-0ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "netstandard-targeting-pack-2.1-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-sdk-7.0": "7.0.119-0ubuntu1~22.04.1",
            "aspnetcore-runtime-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet7": "7.0.119-0ubuntu1~22.04.1",
            "aspnetcore-targeting-pack-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-apphost-pack-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-runtime-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-hostfxr-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-host-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-sdk-7.0-source-built-artifacts": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-targeting-pack-7.0": "7.0.119-0ubuntu1~22.04.1",
            "dotnet-templates-7.0": "7.0.119-0ubuntu1~22.04.1"
        }
    ]
}

Ubuntu:22.04:LTS / dotnet8

Package

Name
dotnet8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.0.105-8.0.5-0ubuntu1~22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "dotnet-templates-8.0": "8.0.105-0ubuntu1~22.04.1",
            "dotnet8": "8.0.105-8.0.5-0ubuntu1~22.04.1",
            "aspnetcore-runtime-dbg-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-hostfxr-8.0": "8.0.5-0ubuntu1~22.04.1",
            "aspnetcore-runtime-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-runtime-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-host-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-runtime-dbg-8.0": "8.0.5-0ubuntu1~22.04.1",
            "netstandard-targeting-pack-2.1-8.0": "8.0.105-0ubuntu1~22.04.1",
            "dotnet-apphost-pack-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-sdk-8.0-source-built-artifacts": "8.0.105-0ubuntu1~22.04.1",
            "dotnet-sdk-dbg-8.0": "8.0.105-0ubuntu1~22.04.1",
            "aspnetcore-targeting-pack-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-targeting-pack-8.0": "8.0.5-0ubuntu1~22.04.1",
            "dotnet-sdk-8.0": "8.0.105-0ubuntu1~22.04.1"
        }
    ]
}

Ubuntu:23.10 / dotnet7

Package

Name
dotnet7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
7.0.119-0ubuntu1~23.10.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "netstandard-targeting-pack-2.1-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-sdk-7.0": "7.0.119-0ubuntu1~23.10.1",
            "aspnetcore-runtime-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet7": "7.0.119-0ubuntu1~23.10.1",
            "aspnetcore-targeting-pack-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-apphost-pack-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-runtime-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-hostfxr-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-host-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-sdk-7.0-source-built-artifacts": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-targeting-pack-7.0": "7.0.119-0ubuntu1~23.10.1",
            "dotnet-templates-7.0": "7.0.119-0ubuntu1~23.10.1"
        }
    ]
}

Ubuntu:23.10 / dotnet8

Package

Name
dotnet8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.0.105-8.0.5-0ubuntu1~23.10.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "dotnet-templates-8.0": "8.0.105-0ubuntu1~23.10.1",
            "dotnet8": "8.0.105-8.0.5-0ubuntu1~23.10.1",
            "aspnetcore-runtime-dbg-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-hostfxr-8.0": "8.0.5-0ubuntu1~23.10.1",
            "aspnetcore-runtime-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-runtime-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-host-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-runtime-dbg-8.0": "8.0.5-0ubuntu1~23.10.1",
            "netstandard-targeting-pack-2.1-8.0": "8.0.105-0ubuntu1~23.10.1",
            "dotnet-apphost-pack-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-sdk-8.0-source-built-artifacts": "8.0.105-0ubuntu1~23.10.1",
            "dotnet-sdk-dbg-8.0": "8.0.105-0ubuntu1~23.10.1",
            "aspnetcore-targeting-pack-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-targeting-pack-8.0": "8.0.5-0ubuntu1~23.10.1",
            "dotnet-sdk-8.0": "8.0.105-0ubuntu1~23.10.1"
        }
    ]
}

Ubuntu:24.04:LTS / dotnet8

Package

Name
dotnet8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.0.105-8.0.5-0ubuntu1~24.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "dotnet-templates-8.0": "8.0.105-0ubuntu1~24.04.1",
            "dotnet8": "8.0.105-8.0.5-0ubuntu1~24.04.1",
            "aspnetcore-runtime-dbg-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-hostfxr-8.0": "8.0.5-0ubuntu1~24.04.1",
            "aspnetcore-runtime-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-runtime-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-host-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-runtime-dbg-8.0": "8.0.5-0ubuntu1~24.04.1",
            "netstandard-targeting-pack-2.1-8.0": "8.0.105-0ubuntu1~24.04.1",
            "dotnet-apphost-pack-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-sdk-8.0-source-built-artifacts": "8.0.105-0ubuntu1~24.04.1",
            "dotnet-sdk-dbg-8.0": "8.0.105-0ubuntu1~24.04.1",
            "aspnetcore-targeting-pack-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-targeting-pack-8.0": "8.0.5-0ubuntu1~24.04.1",
            "dotnet-sdk-8.0": "8.0.105-0ubuntu1~24.04.1"
        }
    ]
}