{"id":16545,"date":"2018-01-09T13:08:03","date_gmt":"2018-01-09T21:08:03","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=16545"},"modified":"2021-09-29T16:36:28","modified_gmt":"2021-09-29T23:36:28","slug":"net-core-january-2018-update","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-january-2018-update\/","title":{"rendered":".NET Core January 2018 Update"},"content":{"rendered":"<p><span>Today, we are releasing the .NET Core January 2018 Update. This includes .NET Core \u00a0<a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/1.0\/1.0.9.md\">1.0.9<\/a>, <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/1.1\/1.1.6.md\">1.1.6<\/a> and <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.0\/2.0.5.md\">2.0.5<\/a>.<\/span><\/p>\n<p>Please leave feedback on the release in the comments below or at <a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1199\">dotnet\/core #1199<\/a>.<\/p>\n<h2>Security<\/h2>\n<h3>CVE-2018-0786 &#8211; Security Feature Bypass in X509 Certificate Validation<\/h3>\n<p>Microsoft is aware of a security vulnerability in the public versions of .NET Core where an attacker could present a certificate that is marked invalid for a specific use, but a component uses it for that purpose. This action disregards the Enhanced Key Usage tagging.<\/p>\n<p>The security update addresses the vulnerability by ensuring that .NET Core components completely validate certificates.<\/p>\n<p><a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/51\">CVE-2018-0786<\/a><\/p>\n<h3><a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.0\/2.0.5.md#cve-2018-0764---denial-of-service-when-parsing-xml-documents\" id=\"user-content-cve-2018-0764---denial-of-service-when-parsing-xml-documents\" class=\"anchor\"><\/a>CVE-2018-0764 &#8211; Denial of Service when parsing XML documents<\/h3>\n<p>Microsoft is aware of a Denial of Service vulnerability in all public versions of .NET core due to improper processing of XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.<\/p>\n<p>The update addresses the vulnerability by correcting how .NET core handles XML document processing.<\/p>\n<p><a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/52\">CVE-2018-0764<\/a><\/p>\n<h2>Getting the Update<\/h2>\n<p>The .NET Core January 2018 Update is available from the<span>\u00a0<\/span><a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/download-archive.md\">.NET Core download page<\/a>.<\/p>\n<p>You can always download the latest version of .NET Core at<span>\u00a0<\/span><a href=\"https:\/\/www.microsoft.com\/net\/download\">.NET Downloads<\/a>.<\/p>\n<h3>Docker Images<\/h3>\n<p>.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet\/\">microsoft\/dotnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-samples\/\">microsoft\/dotnet-samples<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore\/\">microsoft\/aspnetcore\/<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore-build\/\">microsoft\/aspnetcore-build\/<\/a><\/li>\n<\/ul>\n<p>Note: Look at the \u201cTags\u201d view in each repository to see the updated Docker image tags.<\/p>\n<p>Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.<\/p>\n<h2>Previous .NET Core Updates<\/h2>\n<p>The last few .NET Core updates follow:<\/p>\n<ul>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-november-2017-update\/\">November 2017 Update<\/a><\/li>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-september-2017-update-macos-high-sierra-support\/\">September 2017 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/05\/09\/net-core-may-2017-update\/\">May 2017 Update<\/a><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/01\/30\/january-2017-update-for-asp-net-core-1-1\/\"><\/a><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2016\/12\/13\/december-2016-update-net-core-1-0\/\"><\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET Core January 2018 Update. This includes .NET Core \u00a01.0.9, 1.1.6 and 2.0.5. Please leave feedback on the release in the comments below or at dotnet\/core #1199. Security CVE-2018-0786 &#8211; Security Feature Bypass in X509 Certificate Validation Microsoft is aware of a security vulnerability in the public versions of .NET [&hellip;]<\/p>\n","protected":false},"author":336,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-16545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET Core January 2018 Update. This includes .NET Core \u00a01.0.9, 1.1.6 and 2.0.5. Please leave feedback on the release in the comments below or at dotnet\/core #1199. Security CVE-2018-0786 &#8211; Security Feature Bypass in X509 Certificate Validation Microsoft is aware of a security vulnerability in the public versions of .NET [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/16545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=16545"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/16545\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=16545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=16545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=16545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}