September 11th, 2018

.NET Core September 2018 Update

Lee Coward
.NET Program Manager

Today, we are releasing the .NET Core September 2018 Update. This update includes .NET Core 2.1.4 and .NET Core SDK 2.1.402 and contains important reliability fixes.

Security

CVE-2018-8409: .NET Core Denial Of Service Vulnerability A denial of service vulnerability exists in .NET Core 2.1 when System.IO.Pipelines improperly handles requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an application that is leveraging System.IO.Pipelines. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by providing specially crafted requests to the application.

CVE-2018-8409: ASP.NET Core Denial Of Service Vulnerability A denial of service vulnerability exists in ASP.NET Core 2.1 that improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by providing a specially crafted web requests to the ASP.NET Core application.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update is included in Visual Studio 15.8.4, which is also releasing today.

Additional details, such as how to update vulnerable applications, can be found in the ASP.NET Core and .NET Core repo announcements.

See the .NET Core 2.1.4 release notes for details on the release including a detailed commit list.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

microsoft/dotnet microsoft/dotnet-samples

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment of .NET Core 2.1.4 to Azure App Services has begun and the West Central US region will be live this morning. Remaining regions will be updated over the next few days and deployment is expected to be complete by end of week..

Previous .NET Core Updates

The last few .NET Core updates follow:

August 2018 Update July 2018 Update June 2018 Update May 2018 Update

Author

Lee Coward
.NET Program Manager

Lee Coward is a Program Manager on the .NET team. He works on making .NET releases efficient for the team, and easy to acquire for the community.

1 comment

Discussion is closed. Login to edit/delete existing comments.

  • AlanW

    How can I verify if I have CVE-2018-8409 installed on the windows machine? Is this a part of a particular knowledge base?