Bug 1856929 (CVE-2020-1147)

Summary: CVE-2020-1147 dotnet: XML source markup processing remote code execution
Product: [Other] Security Response
Reporter: Stefan Cornelius <scorneli>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: urgent
Docs Contact:
Priority: urgent
Version: unspecified
CC: andrew.slice, bodavis, dbhole, kanderso, omajid, rwagner
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: dotnet core 2.1.20, dotnet core 3.1.6
Doc Type: ---
Doc Text:
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-07-15 13:27:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1856932, 1856933, 1856934, 1856935, 1856936, 1856937, 1856938, 1856939
Bug Blocks: 1856921

Description Stefan Cornelius 2020-07-14 17:47:45 UTC
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application.

External References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
https://github.com/dotnet/announcements/issues/159

Comment 2 errata-xmlrpc 2020-07-15 11:04:19 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2937 https://access.redhat.com/errata/RHSA-2020:2937

Comment 3 errata-xmlrpc 2020-07-15 11:05:18 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2939 https://access.redhat.com/errata/RHSA-2020:2939

Comment 4 errata-xmlrpc 2020-07-15 11:05:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2938 https://access.redhat.com/errata/RHSA-2020:2938

Comment 5 Product Security DevOps Team 2020-07-15 13:27:37 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1147

Comment 6 errata-xmlrpc 2020-07-15 14:33:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2954 https://access.redhat.com/errata/RHSA-2020:2954

Comment 7 errata-xmlrpc 2020-07-16 19:19:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2988 https://access.redhat.com/errata/RHSA-2020:2988

Comment 8 errata-xmlrpc 2020-07-17 14:47:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2989 https://access.redhat.com/errata/RHSA-2020:2989