Ubuntu alert USN-8298-1 (dotnet8, dotnet9, dotnet10)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8298-1] .NET vulnerability | |
| Date: | Mon, 25 May 2026 21:52:58 +0000 | |
| Message-ID: | <E1wRdEI-0002Vt-6X@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8298-1 May 25, 2026 dotnet8, dotnet9, dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: .NET could be made to consume excessive resources if it received specially crafted network traffic. Software Description: - dotnet10: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime - dotnet9: .NET CLI tools and runtime Details: Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS aspnetcore-runtime-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-host-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~26.04.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~26.04.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~26.04.1 dotnet10 10.0.108-10.0.8-0ubuntu1~26.04.1 Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.8-0ubuntu1~25.10.1 aspnetcore-runtime-8.0 8.0.27-0ubuntu1~25.10.1 aspnetcore-runtime-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-host-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-host-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-hostfxr-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~25.10.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~25.10.1 dotnet-runtime-9.0 9.0.16-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-9.0 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-aot-9.0 9.0.117-0ubuntu1~25.10.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~25.10.1 dotnet-sdk-dbg-8.0 8.0.127-0ubuntu1~25.10.1 dotnet-sdk-dbg-9.0 9.0.117-0ubuntu1~25.10.1 dotnet10 10.0.108-10.0.8-0ubuntu1~25.10.1 dotnet8 8.0.127-8.0.27-0ubuntu1~25.10.1 dotnet9 9.0.117-9.0.16-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.8-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.8-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~24.04.1 dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~24.04.1 dotnet10 10.0.108-10.0.8-0ubuntu1~24.04.1 dotnet8 8.0.127-8.0.27-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.27-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.127-0ubuntu1~22.04.1 dotnet8 8.0.127-8.0.27-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8298-1 CVE-2026-42899 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10... https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10... https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0.... https://launchpad.net/ubuntu/+source/dotnet9/9.0.117-9.0.... https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10... https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0.... https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0....
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoUxIMACgkQcpJm3tlz hgF+hRAAleZKuBGaEe2P4YHKjX+ol4KgOLj3nDpLTURJSrHlg3Z5LF1MUiFl4PRT xiDspmbgok+Wm0PeouhVG0cI2CLH5vSwnjGqNMhAd0Unq+/Sj0NoFNwxABTdUPRD 9eHjhH9jZM03bBkLwWweiIesnnTErN9qDYBtUK49u+AHVkw3SFW7QV170hysnELF vdjp/3ns4gUfZ2mCfEVufwnL/nyDrluyUkg8XAPhOEL3ig5o5ZjzIB6/rfLqlv3l q4SDa4golyxIYqUyJkKd2SyhBfJow1c+jL/dzLCt82bFKBeKnX80qFLGTTuZjJ2o bt1lgptSwhvFD0orZ+6iMAguTVx/mqPZ7/lu6tc1aIy0QEMWbbllbhNRINHamOcE o/CKM7dvc0FnDBlkmLau92aep2XKRl+rgv35+WKLVnGpxslij9xrdmh0zyvPPi8G C7bWmguM0rX+o5/4GYPZ6RFu8Q6teHdju+5SXt6oASkAr+gAFii31v5ntjWP18Xu mcXziqT+7YW14OtFwK+VFeBwNyHpH6vREernqwjxNWhdtDCz+GW4+514XBshhRoC 6yD6XJOU3STqZ61Y6OCioSlbeWENLAg9K1ZThB36aC+hHR4+f/oeSyXNp84eXqn2 GvnYTIpalleRTtcH/s2d0I9xsM94/e/bJSDWP82nEL1Dz6Un+g8= =OkRH -----END PGP SIGNATURE-----