1. IT-Security >
  2. Programmierung >
  3. .NET Core January 2020 Updates ? 2.1.15, 3.0.2, and 3.1.1

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

.NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1


Programmierung vom | Direktlink: devblogs.microsoft.com Nachrichten Bewertung

Today, we are releasing the .NET Core January 2020 Update. These updates also contain security and reliability fixes. See the individual release notes for details on updated packages.

NOTE: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to make this choice will be seen on the download page. If you use other development environments, we recommend using the latest SDK release.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update will be included in a future update of Visual Studio.

See the .NET Core release notes ( 2.1.15 | 3.0.2 | 3.1.1 ) for details on the release, including issues fixed and affected packages.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

Note: You must pull updated .NET Core container images to get this update, with either docker pull or docker build –pull.

Security

CVE-2020-0602: ASP.NET Core Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVE-2020-0603: ASP.NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory.

CVE-2020-0605: .NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Core checks the source markup of a file.

CVE-2020-0606: .NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Core checks the source markup of a file.

The post .NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1 appeared first on .NET Blog.

...

Externe Webseite mit kompletten Inhalt öffnen

https://devblogs.microsoft.com/dotnet/net-core-january-2020/

Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • Announcing .NET Core 3.0

    vom 1239.26 Punkte ic_school_black_18dp
    Announcing .NET Core 3.0 We’re excited to announce the release of .NET Core 3.0. It includes many improvements, including adding Windows Forms and WPF, adding new JSON APIs, support for ARM64 and improving performance across the board. C# 8 is als
  • Announcing .NET Core 3 Preview 1 and Open Sourcing Windows Desktop Frameworks

    vom 817.45 Punkte ic_school_black_18dp
    Today, we are announcing .NET Core 3 Preview 1. It is the first public release of .NET Core 3. We have some exciting new features to share and would love your feedback. You can develop .NET Core 3 applications with Visual Studio 2019 Preview 1, Visual St
  • Announcing .NET Core 3.1

    vom 728.62 Punkte ic_school_black_18dp
    Announcing .NET Core 3.1 We’re excited to announce the release of .NET Core 3.1. It’s really just a small set of fixes and refinements over .NET Core 3.0, which we released just over two months ago. The most important feature is that .NET Core 3.1 i
  • The February 2020 Security Update Review

    vom 643.77 Punkte ic_school_black_18dp
    February is here, and with it comes some significant security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2020The Adobe
  • CentOS Blog: CentOS Community newsletter, February 2020 (#2002)

    vom 604.34 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, After a slowdown over the past few months, the year is off to a busy start. I'm getting the newsletter out a little later than usual, due to having spent last week in Brussels, at FOSDEM. More about this below. Special thanks go to Ama
  • Migrating a Sample WPF App to .NET Core 3 (Part 1)

    vom 597.96 Punkte ic_school_black_18dp
    Olia recently wrote a post about how to port a WinForms app from .NET Framework to .NET Core. Today, I’d like to follow that up by walking through the steps to migrate a sample WPF app to .NET Core 3. Many of these steps will be familiar from Olia
  • .NET Core 3 for Windows Desktop

    vom 553.3 Punkte ic_school_black_18dp
    Intro In September, we released .NET Core support for building Windows desktop applications, including WPF and Windows Forms. Since then, we have been delighted to see so many developers share their stories of migrating desktop applications (and contro
  • The Evolving Infrastructure of .NET Core

    vom 494.99 Punkte ic_school_black_18dp
    With .NET Core 3.0 Preview 6 out the door, we thought it would be useful to take a brief look at the history of our infrastructure systems and the significant improvements that have been made in the last year or so. This post will be interesting if yo
  • USN-4195-2: MariaDB vulnerabilities

    vom 464.03 Punkte ic_school_black_18dp
    mariadb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in MariaDB Software Description mariadb-10.3 - MariaDB database
  • The January 2020 Security Update Review

    vom 455.5 Punkte ic_school_black_18dp
    Welcome to the new year, and welcome to the first Patch Tuesday of 2020. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for January 2020Adobe begins the ye
  • Performance Improvements in .NET Core 3.0

    vom 445.62 Punkte ic_school_black_18dp
    Back when we were getting ready to ship .NET Core 2.0, I wrote a blog post exploring some of the many performance improvements that had gone into it. I enjoyed putting it together so much and received such a positive response to the post that I did it
  • .NET Core May 2019 Updates – 1.0.16, 1.1.14, 2.1.11 and 2.2.5

    vom 417.79 Punkte ic_school_black_18dp
    Today, we are releasing the .NET Core May 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. NOTE: If you are a Visual Studio user, there are MSBuild version requiremen

Team Security Diskussion über .NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1