|
|
Log in / Subscribe / Register

Ubuntu alert USN-8215-1 (dotnet10)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8215-1] .NET vulnerability


Date:
              Wed, 29 Apr 2026 08:03:15 +0000


Message-ID:
              <E1wHzt5-00020o-UY@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8215-1
April 28, 2026

dotnet10 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

.NET could be made to crash or run programs as an administrator.

Software Description:
- dotnet10: .NET CLI tools and runtime

Details:

It was discovered that the Microsoft.AspNetCore.DataProtection library in
.NET did not properly verify cryptographic signatures under certain
conditions. A remote attacker could possibly use this issue to elevate
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.7-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.7-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.7-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.7-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.107-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.107-0ubuntu1~25.10.1
  dotnet10                        10.0.107-10.0.7-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.7-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.7-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.7-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.7-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.107-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.107-0ubuntu1~24.04.1
  dotnet10                        10.0.107-10.0.7-0ubuntu1~24.04.1

After a standard system update, it is recommended to rotate the
DataProtection key ring.

References:
  https://ubuntu.com/security/notices/USN-8215-1
  CVE-2026-40372

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10...
  https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnxCbMACgkQcpJm3tlz
hgGRTw//XxKqQoW2A2YksqPeR+yYxIdqkbYFs0WVEXBd0O7FMEfwOR9lhKLgNhHu
r65Jw3ZHyiNc9gibDG61y1mbCWWkwlWpHdDr3LdpnbqKRa/NPDj/huJMyaTYvgAu
tprv1CwwUG1x08rzDdmUn9yfibFZaqvFY/PqRZ6PXut9El06c3WhPKlE4mghrX6X
OWr+9QP3p008Kv2uHnG5FFUOBgcUEkE5CT5IH86+gsQr+WwhnSzgUyullg6SLq/e
KKUtfampi0lJZ/hYBFeuiSYlHTwTZwwlcR1JgyjiqfeDLquTJxcK2nlc5K96/A/r
Hvp+LR1T1hGhO6/XLFNkwZ9mlyqz7U/QS5jWW8TjpH896za7tWtMw0GZIYlquXk4
lvtTgNlcAan539lnGKjDCQbbteMVFfXLwxJtIhpToHQ8PU7Ibd/8vTwxyGA7NAGf
eEPMYfnXdPf68D/zCAS9i8AJ9L77BiJPNeeSeqYdjkGVtCyj7Ecc/29YbymkRZTv
qT/ltP2RpY4Ef1ZyG862eQzEGUvE3xZKvIs3VISzgqIbKrmfVhBppKECNfzhpBLh
EUXszLYWoXMTXIkEmXjGCrU1lwiHUsiNNbrDdXbEkrSt2fvJuHN1X4VfMSTo9Z1M
IgycwkyXfureVt917jXoj7PSjnIbttYL/OiZ3jmYASBJO43gU80=
=j/+b
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds