ASA-202105-22 log original external raw

[ASA-202105-22] dotnet-runtime-3.1: privilege escalation
Arch Linux Security Advisory ASA-202105-22 ========================================== Severity: Medium Date : 2021-05-25 CVE-ID : CVE-2021-31204 Package : dotnet-runtime-3.1 Type : privilege escalation Remote : No Link : Summary ======= The package dotnet-runtime-3.1 before version 3.1.15.sdk115-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 3.1.15.sdk115-1. # pacman -Syu "dotnet-runtime-3.1>=3.1.15.sdk115-1" The problem has been fixed upstream in version 3.1.15.sdk115. Workaround ========== None. Description =========== An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux or macOS. The issue is fixed in .NET 5.0, Runtime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15 and SDK 3.1.115. Impact ====== An attacker could elevate privileges from a crafted single file application. References ==========