Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41: FEDORA-2025-2eb86c0cbf critical: dotnet9.0 execution exploits

fedora
Calendar Grey January 29, 2025
Dist Fedora Esm H88
Announcement regarding the security patch and bug fix update for Fedora 41's .NET 9.0, focusing on resolving various remote execution vulnerabilities.

This is the January 2025 security and bugfix release for .NET 9.0

Summary

.NET is a fast, lightweight and modular platform for creating

cross platform applications that work on Linux, macOS and Windows.

It particularly focuses on creating console applications, web

applications and micro-services.

.NET contains a runtime conforming to .NET Standards a set of

framework libraries, an SDK containing compilers and a 'dotnet'

application to drive everything.

Update Information:

This is the January 2025 security and bugfix release for .NET 9.0. It updates the SDK to version 9.0.102 and Runtime to version 9.0.1. Release Notes: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.1/9.0.1.md

Topics%20covered

Topics Covered

security advisory security issue Fedora remote code execution dotnet bugfix release

Change Log

* Thu Jan 16 2025 Omair Majid <omajid@redhat.com> - 9.0.102-1 - Update to .NET SDK 9.0.102 and Runtime 9.0.1 * Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.101-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[ 1 ] Bug #2338058 - CVE-2025-21171 dotnet9.0: .NET Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338058 [ 2 ] Bug #2338065 - CVE-2025-21172 dotnet9.0: .NET and Visual Studio Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338065 [ 3 ] Bug #2338070 - CVE-2025-21173 dotnet9.0: .NET Elevation of Privilege Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338070 [ 4 ] Bug #2338074 - CVE-2025-21176 dotnet9.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338074

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2eb86c0cbf' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: dotnet9.0
Product: Fedora 41
Version: 9.0.102
Release: 1.fc41
URL: https://github.com/dotnet/
Summary: .NET Runtime and SDK

Topics%20covered

Topics Covered

security advisory security issue Fedora remote code execution dotnet bugfix release

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here