Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40 FEDORA-2025-0487787cb9 critical: .NET Remote Execution Threats

fedora
Calendar Grey January 29, 2025
Dist Fedora Esm H88
Fortify your Fedora environment: recent updates for .NET 9.0 improve resilience and mitigate remote execution vulnerabilities.

This is the January 2025 security and bugfix release for .NET 9.0

Summary

.NET is a fast, lightweight and modular platform for creating

cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web

applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of

framework libraries, an SDK containing compilers and a 'dotnet'

application to drive everything.

Update Information:

This is the January 2025 security and bugfix release for .NET 9.0. It updates the SDK to version 9.0.102 and Runtime to version 9.0.1. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.1/9.0.1.md

Topics%20covered

Topics Covered

security advisory fedora code execution threat dotnet runtime

Change Log

* Thu Jan 16 2025 Omair Majid <omajid@redhat.com> - 9.0.102-1 - Update to .NET SDK 9.0.102 and Runtime 9.0.1 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.101-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[ 1 ] Bug #2338057 - CVE-2025-21171 dotnet9.0: .NET Remote Code Execution Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338057 [ 2 ] Bug #2338063 - CVE-2025-21172 dotnet9.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338063 [ 3 ] Bug #2338068 - CVE-2025-21173 dotnet9.0: .NET Elevation of Privilege Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338068 [ 4 ] Bug #2338072 - CVE-2025-21176 dotnet9.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2338072

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0487787cb9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dotnet9.0
Product: Fedora 40
Version: 9.0.102
Release: 1.fc40
URL: https://github.com/dotnet/
Summary: .NET Runtime and SDK

Topics%20covered

Topics Covered

security advisory fedora code execution threat dotnet runtime

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here