Several security issues were fixed in .NET.
Software Description:
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime
Details:
It was discovered that .NET did not properly handle input provided to its
Convert.TryToHexString method. An attacker could possibly use this issue
to execute arbitrary code. (CVE-2025-21171)
It was discovered that .NET did not properly handle an integer overflow
when processing certain specially crafted files. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2025-21172)
Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled
temporary file usage which could result in malicious package dependency
injection. An attacker could possibly use this issue to elevate privileges.
(CVE-2025-21173)
It was discovered that .NET did not properly perform input data validation
when processing certain specially crafted files. An attacker could
possibly use this issue to execute arb...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 aspnetcore-runtime-8.0 8.0.12-0ubuntu1~24.10.1 aspnetcore-runtime-9.0 9.0.1-0ubuntu1~24.10.1 dotnet-host-8.0 8.0.12-0ubuntu1~24.10.1 dotnet-host-9.0 9.0.1-0ubuntu1~24.10.1 dotnet-hostfxr-8.0 8.0.12-0ubuntu1~24.10.1 dotnet-hostfxr-9.0 9.0.1-0ubuntu1~24.10.1 dotnet-runtime-8.0 8.0.12-0ubuntu1~24.10.1 dotnet-runtime-9.0 9.0.1-0ubuntu1~24.10.1 dotnet-sdk-8.0 8.0.112-0ubuntu1~24.10.1 dotnet-sdk-9.0 9.0.102-0ubuntu1~24.10.1 dotnet8 8.0.112-8.0.12-0ubuntu1~24.10.1 dotnet9 9.0.102-9.0.1-0ubuntu1~24.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-8.0 8.0.12-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.12-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.12-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.12-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.112-0ubuntu1~24.04.1 dotnet8 8.0.112-8.0.12-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.12-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.12-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.12-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.12-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.112-0ubuntu1~22.04.1 dotnet8 8.0.112-8.0.12-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7210-1
CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176
Get the latest Linux and open source security news straight to your inbox.