ALAS2023-2023-326

Amazon Linux 2023 Security Advisory: ALAS2023-2023-326
Advisory Released Date: 2023-09-07
Advisory Updated Date: 2025-02-26

Severity: Important

References: CVE-2023-35390 CVE-2023-38178 CVE-2023-38180
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

.NET and Visual Studio Remote Code Execution Vulnerability (CVE-2023-35390)

.NET Core and Visual Studio Denial of Service Vulnerability (CVE-2023-38178)

.NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180)

Affected Packages:

dotnet6.0

Issue Correction:
Run dnf update dotnet6.0 --releasever 2023.1.20230906 to update your system.

New Packages:

aarch64:
    dotnet-sdk-6.0-debuginfo-6.0.121-1.amzn2023.0.2.aarch64
    aspnetcore-runtime-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-hostfxr-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.amzn2023.0.2.aarch64
    dotnet6.0-debuginfo-6.0.121-1.amzn2023.0.2.aarch64
    aspnetcore-targeting-pack-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-apphost-pack-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-runtime-6.0-debuginfo-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-targeting-pack-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-hostfxr-6.0-debuginfo-6.0.21-1.amzn2023.0.2.aarch64
    netstandard-targeting-pack-2.1-6.0.121-1.amzn2023.0.2.aarch64
    dotnet-host-debuginfo-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-templates-6.0-6.0.121-1.amzn2023.0.2.aarch64
    dotnet-6.0.121-1.amzn2023.0.2.aarch64
    dotnet-runtime-6.0-6.0.21-1.amzn2023.0.2.aarch64
    dotnet-host-6.0.21-1.amzn2023.0.2.aarch64
    dotnet6.0-debugsource-6.0.121-1.amzn2023.0.2.aarch64
    dotnet-sdk-6.0-6.0.121-1.amzn2023.0.2.aarch64

src:
    dotnet6.0-6.0.121-1.amzn2023.0.2.src

x86_64:
    dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.amzn2023.0.2.x86_64
    dotnet6.0-debuginfo-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-host-debuginfo-6.0.21-1.amzn2023.0.2.x86_64
    aspnetcore-runtime-6.0-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-host-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-targeting-pack-6.0-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-templates-6.0-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-hostfxr-6.0-debuginfo-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-runtime-6.0-debuginfo-6.0.21-1.amzn2023.0.2.x86_64
    aspnetcore-targeting-pack-6.0-6.0.21-1.amzn2023.0.2.x86_64
    netstandard-targeting-pack-2.1-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-sdk-6.0-debuginfo-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-hostfxr-6.0-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-apphost-pack-6.0-6.0.21-1.amzn2023.0.2.x86_64
    dotnet-runtime-6.0-6.0.21-1.amzn2023.0.2.x86_64
    dotnet6.0-debugsource-6.0.121-1.amzn2023.0.2.x86_64
    dotnet-sdk-6.0-6.0.121-1.amzn2023.0.2.x86_64

Changelog:

2025-02-26: CVE-2023-38178 was added to this advisory.

2024-07-17: CVE-2023-38180 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-35390, CVE-2023-38178, CVE-2023-38180

Mitre: CVE-2023-35390, CVE-2023-38178, CVE-2023-38180