ASA-202103-17 log generated external raw

[ASA-202103-17] dotnet-sdk: multiple issues
Arch Linux Security Advisory ASA-202103-17 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2021-1721 CVE-2021-1723 CVE-2021-24112 Package : dotnet-sdk Type : multiple issues Remote : Yes Link : Summary ======= The package dotnet-sdk before version 5.0.3.sdk103-2 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 5.0.3.sdk103-2. # pacman -Syu "dotnet-sdk>=5.0.3.sdk103-2" The problems have been fixed upstream in version 5.0.3.sdk103. Workaround ========== None. Description =========== - CVE-2021-1721 (denial of service) A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509 certificate chain building. - CVE-2021-1723 (denial of service) A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2. - CVE-2021-24112 (arbitrary code execution) A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only exists on systems running on MacOS or Linux. Impact ====== A malicious client can send crafted HTTP requests and crash the server, or execute arbitrary code by reading a crafted file. References ==========