[RHSA-2018:2684-01] Low: .NET Core Runtime 2.1.4 and SDK 2.1.402 for Red Hat Enterprise Linux

Security announcements for all Red Hat products and services. rhsa-announce at redhat.com
Wed Sep 12 07:13:11 UTC 2018 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: .NET Core Runtime 2.1.4 and SDK 2.1.402 for Red Hat Enterprise Linux
Advisory ID:       RHSA-2018:2684-01
Product:           .NET Core on Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2684
Issue date:        2018-09-12
=====================================================================

1. Summary:

Updates for rh-dotnet21 and rh-dotnet21-dotnet are now available for .NET
Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Low.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.

A new version of .NET Core that addresses several security vulnerabilities
is now available. The updated version of the runtime is 2.1.4. The updated
version of the SDK is 2.1.402.

These versions correspond to the September 2018 security release by .NET
Core upstream projects.

Security Fix(es):

Default inclusions for applications built with .NET Core have been updated
to reference the newest versions and their security fixes.

For more information, please refer to the upstream docs:

- - .NET Core 2.1.4: https://github.com/dotnet/core/issues/1932

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1621889 - .NET Core applications get oom killed on Kubernetes/OpenShift

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet21-2.1-3.el7.src.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm

x86_64:
rh-dotnet21-2.1-3.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet21-2.1-3.el7.src.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm

x86_64:
rh-dotnet21-2.1-3.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet21-2.1-3.el7.src.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.src.rpm

x86_64:
rh-dotnet21-2.1-3.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.4-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.4xx-2.1.402-2.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW5i8f9zjgjWX9erEAQhGXQ//eNmhcNQ2o98eFdNYxdAAXdObqAGATb25
4a216IsJ8zRw5B9ZhaJ2CSYL0eJzfgiavXzEXX4oEnawcDB0DAo221yjTQdfEr9W
yvMfaUwLOtGcAmvY5L/0ckC1cAnOkocxNOt55GnhHyifbNQCWPDTIfEeIbjyctKd
pPGfADE10b40JvBO6OIM9PnPHfa8CjplfYcshdjd5xlVKYZ3yGAbFyC7wAuawKu2
gADt+MN8bZwmjOUEu6LNLZMdKQkW+khON67ugEphmqu+uPA76ifUNqWSzRbZ+BiZ
9YIE+9pyUq4dY7VXWFiA96wULX/Tk0qvxZSSMaEoNl62aysAN7ZgrvJJd8yRmt82
C8H81nddT+peLRhzEZv4CIs4nXpXXK6qundixasbghuoCbFduoYH3sXfNVlYE0Ol
mTvEMjZXGQQpiZRhcoEQZpOmo0bY4NhxV+nqsxSmhsB8Q/yKz+QVa3qeBmXfme0u
CT18AB73H+Ir28vvnYT5E8ntgoesu+ANCHnqr2JK2XGBozLScs2FaYIMXkLtf9zJ
ey1XifyAGzHdcgH3EQ3cZUpXURyrae+aGmizmyirQs/T88Epbt8AAxynzhgHcovV
WZ7c2CPRJqR2aNIY47I62vyOF8fzlk5Ywoierj8miaEjLGQIllmFHlHfPE2cUpzd
9GzL7InjOfI=
=3w2B
-----END PGP SIGNATURE-----

More information about the RHSA-announce mailing list