Packages
Details
Barry Dorrans discovered that .NET did not properly implement certain
security features for Blazor server forms. An attacker could possibly
use this issue to bypass validation, which could trigger unintended
actions. (CVE-2023-36558)
Piotr Bazydlo discovered that .NET did not properly handle untrusted
URIs provided to System.Net.WebRequest.Create. An attacker could possibly
use this issue to inject arbitrary commands to backend FTP servers.
(CVE-2023-36049)
Barry Dorrans discovered that .NET did not properly implement certain
security features for Blazor server forms. An attacker could possibly
use this issue to bypass validation, which could trigger unintended
actions. (CVE-2023-36558)
Piotr Bazydlo discovered that .NET did not properly handle untrusted
URIs provided to System.Net.WebRequest.Create. An attacker could possibly
use this issue to inject arbitrary commands to backend FTP servers.
(CVE-2023-36049)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.