1. Cybersecurity >
  2. Programmierung >
  3. .NET Core January 2020 Updates ? 2.1.15, 3.0.2, and 3.1.1

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

.NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1


Programmierung vom | Direktlink: devblogs.microsoft.com Nachrichten Bewertung

Today, we are releasing the .NET Core January 2020 Update. These updates also contain security and reliability fixes. See the individual release notes for details on updated packages.

NOTE: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to make this choice will be seen on the download page. If you use other development environments, we recommend using the latest SDK release.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update will be included in a future update of Visual Studio.

See the .NET Core release notes ( 2.1.15 | 3.0.2 | 3.1.1 ) for details on the release, including issues fixed and affected packages.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

Note: You must pull updated .NET Core container images to get this update, with either docker pull or docker build –pull.

Security

CVE-2020-0602: ASP.NET Core Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVE-2020-0603: ASP.NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory.

CVE-2020-0605: .NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Core checks the source markup of a file.

CVE-2020-0606: .NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Core checks the source markup of a file.

The post .NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1 appeared first on .NET Blog.

...
https://devblogs.microsoft.com/dotnet/net-core-january-2020/

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

Announcing .NET Core 3.0

vom 1208.62 Punkte ic_school_black_18dp
Announcing .NET Core 3.0 We’re excited to announce the release of .NET Core 3.0. It includes many improvements, including adding Windows Forms and WPF, adding new JSON APIs, support for ARM64 and improving performance across the board. C# 8 is als

Announcing .NET Core 3 Preview 1 and Open Sourcing Windows Desktop Frameworks

vom 796.11 Punkte ic_school_black_18dp
Today, we are announcing .NET Core 3 Preview 1. It is the first public release of .NET Core 3. We have some exciting new features to share and would love your feedback. You can develop .NET Core 3 applications with Visual Studio 2019 Preview 1, Visual St

Announcing .NET Core 3.1

vom 708.98 Punkte ic_school_black_18dp
Announcing .NET Core 3.1 We’re excited to announce the release of .NET Core 3.1. It’s really just a small set of fixes and refinements over .NET Core 3.0, which we released just over two months ago. The most important feature is that .NET Core 3.1 i

Migrating a Sample WPF App to .NET Core 3 (Part 1)

vom 581.73 Punkte ic_school_black_18dp
Olia recently wrote a post about how to port a WinForms app from .NET Framework to .NET Core. Today, I’d like to follow that up by walking through the steps to migrate a sample WPF app to .NET Core 3. Many of these steps will be familiar from Olia

.NET Core 3 for Windows Desktop

vom 537.52 Punkte ic_school_black_18dp
Intro In September, we released .NET Core support for building Windows desktop applications, including WPF and Windows Forms. Since then, we have been delighted to see so many developers share their stories of migrating desktop applications (and contro

The Evolving Infrastructure of .NET Core

vom 484.79 Punkte ic_school_black_18dp
With .NET Core 3.0 Preview 6 out the door, we thought it would be useful to take a brief look at the history of our infrastructure systems and the significant improvements that have been made in the last year or so. This post will be interesting if yo

CentOS Blog: CentOS Community newsletter, February 2020 (#2002)

vom 450.41 Punkte ic_school_black_18dp
Dear CentOS enthusiast, After a slowdown over the past few months, the year is off to a busy start. I'm getting the newsletter out a little later than usual, due to having spent last week in Brussels, at FOSDEM. More about this below. Special thanks go to Ama

USN-4195-2: MariaDB vulnerabilities

vom 446.31 Punkte ic_school_black_18dp
mariadb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in MariaDB Software Description mariadb-10.3 - MariaDB database

Performance Improvements in .NET Core 3.0

vom 434.2 Punkte ic_school_black_18dp
Back when we were getting ready to ship .NET Core 2.0, I wrote a blog post exploring some of the many performance improvements that had gone into it. I enjoyed putting it together so much and received such a positive response to the post that I did it

.NET Core May 2019 Updates – 1.0.16, 1.1.14, 2.1.11 and 2.2.5

vom 408.63 Punkte ic_school_black_18dp
Today, we are releasing the .NET Core May 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. NOTE: If you are a Visual Studio user, there are MSBuild version requiremen

Announcing ML.NET 1.4 Preview and Model Builder updates (Machine Learning for .NET)

vom 392.88 Punkte ic_school_black_18dp
We are excited to announce ML.NET 1.4 Preview and updates to Model Builder and CLI. ML.NET is an open-source and cross-platform machine learning framework for .NET developers. ML.NET also includes Model Builder (a simple UI tool) and CLI to make

2,844 Separate Data Breaches leaked February 2018 - Free Download

vom 392.01 Punkte ic_school_black_18dp
In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen online, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been

Team Security Diskussion über .NET Core January 2020 Updates – 2.1.15, 3.0.2, and 3.1.1