.NET Core 1.0.15 is available for download and usage in your environment.
The .NET Core SDK 1.1.13 includes .NET Core 1.0.15 Runtime so downloading the runtime packages separately is not needed when installing the SDK. After installing the .NET Core SDK 1.1.13, running dotnet --version
will show that you’re running version 1.1.13
of the .NET Core tools.
Your feedback is important and appreciated. We’ve created an issue at dotnet/core #2432 for your questions and comments.
The .NET Core Docker images have been updated for this release. Look for the updated images for .NET Core 1.0.15 and .NET Core SDK 1.1.13 and read “Staying up-to-date with .NET Container Images” for details and insights into using the .NET Core images.
There are no changes this month in OS version support status.
.NET Core 1.0 and 1.1, which entered “Maintenance” support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.
See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.
CVE-2019-0657: .NET Core NuGet Tampering Vulnerability
A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.
The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine.
Affected Package and Binary updates
Package name | Vulnerable versions | Secure versions |
---|---|---|
Nuget.Packaging | 4.3.0 | 4.3.1 |
Package name | Version |
---|---|
Microsoft.NETCore.App | 1.0.15 |
Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
Microsoft.NETCore.ILAsm | 1.0.17 |
Microsoft.NETCore.ILDAsm | 1.0.17 |
Microsoft.NETCore.Jit | 1.0.17 |
Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
Microsoft.NETCore.Targets | 1.0.7 |
Microsoft.Private.PackageBaseline | 1.0.0-servicing-27415-03 |
runtime.any.System.Runtime | 4.1.2 |
runtime.aot.System.Runtime | 4.0.22 |
runtime.debian.8-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.debian.8-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.debian.8-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.debian.8-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.debian.8-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.fedora.23-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.fedora.23-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.fedora.23-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.fedora.23-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.opensuse.13.2-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.opensuse.13.2-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.opensuse.13.2-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.opensuse.13.2-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.osx.10.10-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.osx.10.10-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.osx.10.10-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.osx.10.10-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.osx.10.10-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.rhel.7-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.rhel.7-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.rhel.7-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.rhel.7-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.rhel.7-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.ubuntu.14.04-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.ubuntu.14.04-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.ubuntu.14.04-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.ubuntu.14.04-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.ubuntu.14.04-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.ubuntu.16.04-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.ubuntu.16.04-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.ubuntu.16.04-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.ubuntu.16.04-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.ubuntu.16.04-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.unix.System.Private.Uri | 4.0.4 |
runtime.unix.System.Runtime.Extensions | 4.1.2 |
runtime.win.System.Runtime.Extensions | 4.1.2 |
runtime.win7.System.Private.Uri | 4.0.4 |
runtime.win7-x64.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.win7-x64.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.win7-x64.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.win7-x64.Microsoft.NETCore.Jit | 1.0.17 |
runtime.win7-x64.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
runtime.win7-x86.Microsoft.NETCore.DotNetHostPolicy | 1.0.15 |
runtime.win7-x86.Microsoft.NETCore.ILAsm | 1.0.17 |
runtime.win7-x86.Microsoft.NETCore.ILDAsm | 1.0.17 |
runtime.win7-x86.Microsoft.NETCore.Jit | 1.0.17 |
runtime.win7-x86.Microsoft.NETCore.Runtime.CoreCLR | 1.0.17 |
System.Private.Uri | 4.0.4 |
System.Runtime | 4.1.2 |
System.Runtime.Extensions | 4.1.2 |