Security Advisory Details

NS-SA-2021-0055

2021-03-09 14:27:07

Synopsis

important: util-linux/dotnet3.1 security update

Severity

important

Topic

An update for util-linux/dotnet3.1 is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

util-linux: This package provides debug information for package libmount. Debug information is useful when developing applications that use this package or when debugging this package.
dotnet3.1: This package provides debug information for package dotnet-sdk-3.1. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
util-linux: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. (CVE-2014-9114)
util-linux: bugfix
dotnet3.1: A flaw was found in ASP.NET Core. Client disconnects were not properly handled in all circumstances. A remote, unauthenticated attacker could send specially crafted requests that would consume more disk and CPU resources than necessary, potentially leading to a denial of service via resource exhaustion. The highest threat from this vulnerability is to system availability. (CVE-2020-1597)
dotnet3.1: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.40B4.

Affected Components

  • util-linux
  • dotnet3.1

Affected Products

  • CGSL MAIN 6.02

Updated Packages

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["libblkid-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","util-linux-debugsource-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","util-linux-user-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","uuidd-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libsmartcols-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libuuid-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","util-linux-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","util-linux-user-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libblkid-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","uuidd-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","python3-libmount-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libmount-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libsmartcols-devel-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","util-linux-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libsmartcols-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libfdisk-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libmount-devel-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libmount-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libuuid-devel-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libuuid-debuginfo-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libfdisk-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libblkid-devel-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","libfdisk-devel-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm","python3-libmount-2.32.1-22.el8.cgslv6_2.0.1.ge664644.x86_64.rpm"],"source":"util-linux-2.32.1-22.el8.cgslv6_2.0.1.ge664644.src.rpm"},{"binary":["dotnet-hostfxr-3.1-debuginfo-3.1.7-1.el8_2.x86_64.rpm","dotnet-host-debuginfo-3.1.7-1.el8_2.x86_64.rpm","dotnet3.1-debugsource-3.1.107-1.el8_2.x86_64.rpm","dotnet-runtime-3.1-debuginfo-3.1.7-1.el8_2.x86_64.rpm","dotnet-sdk-3.1-debuginfo-3.1.107-1.el8_2.x86_64.rpm","dotnet3.1-debuginfo-3.1.107-1.el8_2.x86_64.rpm","dotnet-apphost-pack-3.1-debuginfo-3.1.7-1.el8_2.x86_64.rpm","netstandard-targeting-pack-2.1-3.1.107-1.el8_2.x86_64.rpm","dotnet-sdk-3.1-3.1.107-1.el8_2.x86_64.rpm","dotnet-hostfxr-3.1-3.1.7-1.el8_2.x86_64.rpm","dotnet-apphost-pack-3.1-3.1.7-1.el8_2.x86_64.rpm","dotnet-host-3.1.7-1.el8_2.x86_64.rpm","dotnet-targeting-pack-3.1-3.1.7-1.el8_2.x86_64.rpm","dotnet-runtime-3.1-3.1.7-1.el8_2.x86_64.rpm","dotnet-templates-3.1-3.1.107-1.el8_2.x86_64.rpm","aspnetcore-runtime-3.1-3.1.7-1.el8_2.x86_64.rpm","aspnetcore-targeting-pack-3.1-3.1.7-1.el8_2.x86_64.rpm","dotnet-3.1.107-1.el8_2.x86_64.rpm"],"source":"dotnet3.1-3.1.107-1.el8_2.src.rpm"}]}]}

CVE

References