Merge pull request #1092 from leecow/master
add sec advisory info to relnotes
This commit is contained in:
commit
eecb169f45
|
@ -21,6 +21,26 @@ Deployment of the November 2017 Update on Azure AppServices is in process. Becau
|
|||
|
||||
### Security Advisories
|
||||
|
||||
Microsoft is releasing security advisories for .NET Core and ASP.NET Core. Details can be found in corresponding announcements in the [.NET Core](https://github.com/dotnet/announcements) and [ASP.NET Core](https://github.com/aspnet/announcements) repos.
|
||||
|
||||
#### CVE-2017-8585 Malformed Certificate can cause Denial of Service
|
||||
|
||||
Microsoft is aware of a security vulnerability in .NET Core 1.0, 1.1 and 2.0 where a malformed certificate or other ASN.1 formatted data could lead to a denial of service via an infinite loop on Linux and macOS.
|
||||
|
||||
System administrators are advised to update their .NET Core runtimes to versions 1.0.8, 1.1.5 and 2.0.1. Developers are advised to update their .NET Core SDK to version 2.0.3 or 1.1.5.
|
||||
|
||||
#### CVE-2017-8700 CORS bypass can enable Information Disclosure
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0 and 1.1 where Cross-Origin Resource Sharing (CORS) can be bypassed, leading to information disclosure.
|
||||
|
||||
#### CVE-2017-11879: Open Redirect can cause Elevation Of Privilege
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 2.0 where an Open Redirect exists, leading to Elevation Of Privilege.
|
||||
|
||||
#### CVE-2017-11770: Denial Of Service Vulnerability
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0, 1.1 and 2.0 where the application is hosted through Windows Http.Sys where a malformed request can lead to a Denial Of Service.
|
||||
|
||||
### Docker Images
|
||||
|
||||
The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have been updated for this release. Look for the 1.1.5 images.
|
||||
|
|
|
@ -21,6 +21,26 @@ Deployment of the November 2017 Update on Azure AppServices is in process. Becau
|
|||
|
||||
### Security Advisories
|
||||
|
||||
Microsoft is releasing security advisories for .NET Core and ASP.NET Core. Details can be found in corresponding announcements in the [.NET Core](https://github.com/dotnet/announcements) and [ASP.NET Core](https://github.com/aspnet/announcements) repos.
|
||||
|
||||
#### CVE-2017-8585 Malformed Certificate can cause Denial of Service
|
||||
|
||||
Microsoft is aware of a security vulnerability in .NET Core 1.0, 1.1 and 2.0 where a malformed certificate or other ASN.1 formatted data could lead to a denial of service via an infinite loop on Linux and macOS.
|
||||
|
||||
System administrators are advised to update their .NET Core runtimes to versions 1.0.8, 1.1.5 and 2.0.1. Developers are advised to update their .NET Core SDK to version 2.0.3 or 1.1.5.
|
||||
|
||||
#### CVE-2017-8700 CORS bypass can enable Information Disclosure
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0 and 1.1 where Cross-Origin Resource Sharing (CORS) can be bypassed, leading to information disclosure.
|
||||
|
||||
#### CVE-2017-11879: Open Redirect can cause Elevation Of Privilege
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 2.0 where an Open Redirect exists, leading to Elevation Of Privilege.
|
||||
|
||||
#### CVE-2017-11770: Denial Of Service Vulnerability
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0, 1.1 and 2.0 where the application is hosted through Windows Http.Sys where a malformed request can lead to a Denial Of Service.
|
||||
|
||||
### Docker Images
|
||||
|
||||
The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have been updated for this release. Look for the 1.1.5 images.
|
||||
|
|
|
@ -18,7 +18,23 @@ Deployment of .NET Core 2.0 support on Azure AppServices is in process. Because
|
|||
|
||||
## .NET Core 2.0 Highlights
|
||||
|
||||
### Security
|
||||
### Security Advisories
|
||||
|
||||
Microsoft is releasing security advisories for .NET Core and ASP.NET Core. Details can be found in corresponding announcements in the [.NET Core](https://github.com/dotnet/announcements/issues?q=is%3Aopen+is%3Aissue+label%3ASecurity) and [ASP.NET Core](https://github.com/aspnet/announcements/issues?q=is%3Aopen+is%3Aissue+label%3ASecurity) repos.
|
||||
|
||||
#### CVE-2017-8585 Malformed Certificate can cause Denial of Service
|
||||
|
||||
Microsoft is aware of a security vulnerability in .NET Core 1.0, 1.1 and 2.0 where a malformed certificate or other ASN.1 formatted data could lead to a denial of service via an infinite loop on Linux and macOS.
|
||||
|
||||
System administrators are advised to update their .NET Core runtimes to versions 1.0.8, 1.1.5 and 2.0.1. Developers are advised to update their .NET Core SDK to version 2.0.3 or 1.1.5.
|
||||
|
||||
#### CVE-2017-11879: Open Redirect can cause Elevation Of Privilege
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 2.0 where an Open Redirect exists, leading to Elevation Of Privilege.
|
||||
|
||||
#### CVE-2017-11770: Denial Of Service Vulnerability
|
||||
|
||||
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0, 1.1 and 2.0 where the application is hosted through Windows Http.Sys where a malformed request can lead to a Denial Of Service.
|
||||
|
||||
### Docker Images
|
||||
|
||||
|
|
Loading…
Reference in a new issue