|
|
Log in / Subscribe / Register

Ubuntu alert USN-8176-1 (dotnet8, dotnet9, dotnet10)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8176-1] .NET vulnerabilities


Date:
              Thu, 16 Apr 2026 11:59:03 +0000


Message-ID:
              <E1wDLN9-0003y4-6q@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8176-1
April 15, 2026

dotnet8, dotnet9, dotnet10 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml
library in .NET incorrectly handled certain XML inputs. An attacker could
possibly use this issue to consume excessive resources, resulting in a
denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the
System.Security.Cryptography.Xml library in .NET incorrectly handled
certain XML inputs. An attacker could possibly use this issue to cause
.NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET
incorrectly handled certain inputs. An attacker could possibly use this
issue to perform a network spoofing attack. (CVE-2026-32178)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.6-0ubuntu1~25.10.1
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~25.10.1
  aspnetcore-runtime-9.0          9.0.15-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.6-0ubuntu1~25.10.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~25.10.1
  dotnet-host-9.0                 9.0.15-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.6-0ubuntu1~25.10.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~25.10.1
  dotnet-hostfxr-9.0              9.0.15-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.6-0ubuntu1~25.10.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~25.10.1
  dotnet-runtime-9.0              9.0.15-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.106-0ubuntu1~25.10.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~25.10.1
  dotnet-sdk-9.0                  9.0.116-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.106-0ubuntu1~25.10.1
  dotnet-sdk-aot-9.0              9.0.116-0ubuntu1~25.10.1
  dotnet10                        10.0.106-10.0.6-0ubuntu1~25.10.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~25.10.1
  dotnet9                         9.0.116-9.0.15-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.6-0ubuntu1~24.04.1
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.6-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.6-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.6-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.106-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.106-0ubuntu1~24.04.1
  dotnet10                        10.0.106-10.0.6-0ubuntu1~24.04.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~22.04.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8176-1
  CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.106-10...
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.126-8.0....
  https://launchpad.net/ubuntu/+source/dotnet9/9.0.116-9.0....
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.106-10...
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.126-8.0....
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.126-8.0....




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmngOPYACgkQcpJm3tlz
hgE2zhAAllrG21iqvrd1oKvZ0FVLnFG4F8o7UQFPyQhkjzFS4Ehsl34rrLxdl2/8
ArKhNn6pB1ZKzom17/GQXhBepIgFwcqcWhL8Mw4MYPrYV9rORSbwlNZwFAqYllUV
dNnZlQDqAtR+NIP4JZ+7IRVxQMSQ775vbPhnnQKGzLWdJiqwHOB7MUkABMGgJyOy
oAjvjQV7YwpEt3wDK1t1hKBHZKsnoBbkXgdkAGxF4xGOTzYtEydE743eWeT8vJ8c
ZukqkLooGHZ7VtWBM4eK19fgPytuSr65fjvody7i3CZoVQBqzYzTRmtUaroz8eps
vMdFg/pB8HM1UfG55xwxmpTnTa3ru3nvbpfaOPRqvuJMtO35NXg2PHp1LxDdXWI0
7zXrOre2WGS1DpeFx4xKzMwKD0rVzvjgUYH0tJ6ORJvvFU58UJYLPPPieWXLQUoW
wHTMN77h5CjVFk6JMdiDwN7elLMEo9oxUAiLNAGC/8FTXQd0YmiZYVmfX8Qak6pn
rGI9o3veYiqx4HnJzlHerrER9uxR6JYf3WHBxW26Gs++gmbq2uKoC8AAiJH5JdS2
J7eEWN0BSDRa1BrPy4iHGRwvrc1QK2mmIpWXcpERzaRjd4ttZDcggZ7QrbL7qMo0
5anFp7ON3XuiaMXOMN48YyhL2EdMXAU9baFgksUtxmxSHQCTeBw=
=tNKZ
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds