.NET June 2023 Updates – .NET 7.0.7, .NET 6.0.18

Rahul Bhandari (MSFT)

June 13th, 20230 0

Today, we are releasing the .NET June 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.7 and 6.0.18 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

To install the .NET 7 runtime: winget install dotnet-runtime-7
To install the .NET 7 SDK: winget install dotnet-sdk-7
To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Improvements

ASP.NET Core: 7.0.7 | 6.0.18
Entity Framework Core: 7.0.7
Runtime: 7.0.7 | 6.0.18
Winforms: 7.0.7 | 6.0.18
WPF: 7.0.7 | 6.0.18

Security

CVE-2023-24895 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in how WPF for .NET handles certain XAML Frame elements which may result in remote code execution.

CVE-2023-24897 – .NET Remote Code Execution Vulnerability

A vulnerability exists in how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution.

CVE-2023-24936 – .NET Elevation of Privilege Vulnerability

A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges.

CVE-2023-29331 – .NET Denial of Service Vulnerability

A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service.

CVE-2023-29337 – NuGet Client Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in nuget where a potential race condition that can lead to a symlink attack

CVE-2023-32032 – .NET Denial of Service Vulnerability

A vulnerability exists in .NET using extracting the contents of a Tar file which may result in elevation of privileges.

CVE-2023-33126 – .NET Denial of Service Vulnerability

A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading arbitrary binaries.

CVE-2023-33128 – .NET Denial of Service Vulnerability

A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing.

CVE-2023-33135 – .NET Denial of Service Vulnerability

A vulnerability exists in the .NET SDK during tool restore which can lead to an elevation of privilege.

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

Rahul Bhandari (MSFT) Program Manager, .NET

Follow

.NET June 2023 Updates – .NET 7.0.7, .NET 6.0.18

.NET June 2023 Updates – .NET 7.0.7, .NET 6.0.18

Windows Package Manager CLI (winget)

Improvements

Security

Visual Studio

Rahul Bhandari (MSFT) Program Manager, .NET

Recommend

保时捷揭示 Mission X ，900伏架构超级电动跑车

Top 10 Most Profitable Cartoon Series

Types of Network Medium: Wired & Wireless Networking

Spatial Design: 8 Principles and Guidelines for Immersive Experiences

How to Handle Empty States Using UIContentUnavailableConfiguration

Selfit - Fitness and health planner app | Product Hunt

喜马拉雅“66小说爆更节”主播爆更日订阅量增长78%

当贝CEO送货上门 618京东联合当贝打造20周年定制礼盒

中国创新药企进入“商业化”比拼阶段，这家Biotech营收激增142%

1.4万亿美元“火药”在手，全球药企掀并购狂潮！

About Joyk