Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40 FEDORA-2025-16778d3c88 critical: dotnet8.0 remote execution

fedora
Calendar Grey January 29, 2025
Dist Fedora Esm H88
The .NET 8.0 release update for Fedora 40 addresses crucial security vulnerabilities and provides resolutions for various bugs.

This is the January 2025 security and bugfix release for .NET 8.0

Summary

.NET is a fast, lightweight and modular platform for creating

cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web

applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of

framework libraries, an SDK containing compilers and a 'dotnet'

application to drive everything.

Update Information:

This is the January 2025 security and bugfix release for .NET 8.0. It updates the SDK to version 8.0.112 and Runtime to version 8.0.12. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.112.md Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.12.md

Topics%20covered

Topics Covered

security advisory fedora remote code execution privilege escalation update information bug fixes dotnet

Change Log

* Thu Jan 16 2025 Omair Majid <omajid@redhat.com> - 8.0.112-1 - Update to .NET SDK 8.0.112 and Runtime 8.0.12 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Dec 10 2024 Omair Majid <omajid@redhat.com> - 8.0.111-2 - Fix ELN build - Resolves: RHBZ#2321109

References


[ 1 ] Bug #2338062 - CVE-2025-21172 dotnet8.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338062 [ 2 ] Bug #2338067 - CVE-2025-21173 dotnet8.0: .NET Elevation of Privilege Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338067 [ 3 ] Bug #2338071 - CVE-2025-21176 dotnet8.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338071

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-16778d3c88' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dotnet8.0
Product: Fedora 40
Version: 8.0.112
Release: 1.fc40
URL: https://github.com/dotnet/
Summary: .NET Runtime and SDK

Topics%20covered

Topics Covered

security advisory fedora remote code execution privilege escalation update information bug fixes dotnet

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here