Updates to rel notes
parent
714e4adbf4
commit
1da78d557b
|
@ -47,6 +47,12 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
|
|||
* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
|
||||
**Executive summary**
|
||||
|
||||
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
|
||||
|
||||
Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.
|
||||
|
||||
The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
|
||||
|
||||
* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
|
||||
**Executive summary**
|
||||
|
||||
|
|
|
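Review bot: in the CVE-2019-0545 executive summary, the second paragraph is ungrammatical and widens the scope without saying so. "Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core" needs "that exists" (or drop "exists"), and "content, that is normally restricted," reads better as "content that is normally restricted". The first paragraph limits the advisory to .NET Core 2.1 and 2.2 while this one also names .NET Framework; make the two agree, or state which .NET Framework versions are meant.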
@ -46,6 +46,13 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
|
|||
|
||||
* ### [CVE-2019-0545: .NET Core Information Disclosure Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
|
||||
**Executive summary**
|
||||
|
||||
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
|
||||
|
||||
Microsoft is aware of an information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.
|
||||
|
||||
The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass.
|
||||
|
||||
* ### [CVE-2019-0548: ASP.NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
|
||||
**Executive summary**
|
||||
|
||||
|
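Review bot: the headings for CVE-2019-0545 and CVE-2019-0548 in this hunk still link to https://github.com/dotnet/Announcements/issues/XX, so a reader of the release notes cannot reach either announcement. Replace XX with the real issue numbers before this is published. The CVE-2019-0545 paragraphs are repeated word for word from the previous hunk, so keep the two copies in sync when the wording changes.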
@ -75,23 +82,6 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
|
|||
Microsoft.AspNetCore.App | 2.2.0<br/>2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6 | 2.2.1 <br/> 2.1.7
|
||||
Microsoft.AspNetCore.All | 2.2.0<br/>2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6 | 2.2.1 <br/> 2.1.7
|
||||
|
||||
* ### [CVE-2018-8416: .NET Core Tampering Vulnerability](https://github.com/dotnet/Announcements/issues/XX)
|
||||
**Executive summary**
|
||||
|
||||
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
|
||||
|
||||
Microsoft is aware of a tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
|
||||
|
||||
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system
|
||||
|
||||
The update addresses the vulnerability by correcting how .NET Core handles these files.
|
||||
|
||||
**Package and Binary updates**
|
||||
|
||||
Package name | Vulnerable versions | Secure versions
|
||||
------------ | ------------------- | -------------------------
|
||||
System.IO.Compression.ZipFile | 4.0.0, 4.0.1, 4.3.0 | 4.3.1
|
||||
|
||||
## Packages updated as part of this release:
|
||||
|
||||
Package name | Version
|
||||
|
|
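Review bot: the CVE-2018-8416 section is dropped in full (the hunk header goes from 23 lines to 6), including the table that maps System.IO.Compression.ZipFile 4.0.0, 4.0.1 and 4.3.0 to the fixed 4.3.1, and the commit message "Updates to rel notes" gives no reason. If the section was carried over from an earlier release's notes, say so in the commit message; if it does apply to this release, keep the package table so readers can still find the secure version.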