
Ubuntu 24.04/22.04 LTS: USN-7210-1 critical: dotnet code execution

January 16, 2025
Multiple vulnerabilities in .NET resolved in the Ubuntu security notice USN-7210-1. It is advised to update systems accordingly.

Summary

Several security issues were fixed in .NET.

Software Description:

- dotnet8: .NET CLI tools and runtime

- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171)

It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172)

Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173)

It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arb...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   aspnetcore-runtime-8.0          8.0.12-0ubuntu1~24.10.1
   aspnetcore-runtime-9.0          9.0.1-0ubuntu1~24.10.1
   dotnet-host-8.0                 8.0.12-0ubuntu1~24.10.1
   dotnet-host-9.0                 9.0.1-0ubuntu1~24.10.1
   dotnet-hostfxr-8.0              8.0.12-0ubuntu1~24.10.1
   dotnet-hostfxr-9.0              9.0.1-0ubuntu1~24.10.1
   dotnet-runtime-8.0              8.0.12-0ubuntu1~24.10.1
   dotnet-runtime-9.0              9.0.1-0ubuntu1~24.10.1
   dotnet-sdk-8.0                  8.0.112-0ubuntu1~24.10.1
   dotnet-sdk-9.0                  9.0.102-0ubuntu1~24.10.1
   dotnet8                         8.0.112-8.0.12-0ubuntu1~24.10.1
   dotnet9                         9.0.102-9.0.1-0ubuntu1~24.10.1

Ubuntu 24.04 LTS
   aspnetcore-runtime-8.0          8.0.12-0ubuntu1~24.04.1
   dotnet-host-8.0                 8.0.12-0ubuntu1~24.04.1
   dotnet-hostfxr-8.0              8.0.12-0ubuntu1~24.04.1
   dotnet-runtime-8.0              8.0.12-0ubuntu1~24.04.1
   dotnet-sdk-8.0                  8.0.112-0ubuntu1~24.04.1
   dotnet8                         8.0.112-8.0.12-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
   aspnetcore-runtime-8.0          8.0.12-0ubuntu1~22.04.1
   dotnet-host-8.0                 8.0.12-0ubuntu1~22.04.1
   dotnet-hostfxr-8.0              8.0.12-0ubuntu1~22.04.1
   dotnet-runtime-8.0              8.0.12-0ubuntu1~22.04.1
   dotnet-sdk-8.0                  8.0.112-0ubuntu1~22.04.1
   dotnet8                         8.0.112-8.0.12-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.
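
An added example (not part of the Ubuntu notice): an offline audit of collected `dpkg-query -W` output against the Ubuntu 24.04 LTS fixed versions listed above. It uses Debian version ordering, so `8.0.112` ranks above `8.0.12` and `~` suffixes sort correctly. The function names and the sample inventory are constructed for illustration, and only the 24.04 table is covered.

```python
import re
# Fixed versions for Ubuntu 24.04 LTS, copied from the advisory's table.
FIXED_2404 = dict.fromkeys(("aspnetcore-runtime-8.0", "dotnet-host-8.0", "dotnet-hostfxr-8.0",
                            "dotnet-runtime-8.0"), "8.0.12-0ubuntu1~24.04.1")
FIXED_2404.update({"dotnet-sdk-8.0": "8.0.112-0ubuntu1~24.04.1",
                   "dotnet8": "8.0.112-8.0.12-0ubuntu1~24.04.1"})

# Constructed sample in the tab-separated shape `dpkg-query -W` prints (not real data).
SAMPLE = """\
dotnet-host-8.0\t8.0.11-0ubuntu1~24.04.1
dotnet-hostfxr-8.0:amd64\t8.0.12-0ubuntu1~24.04.1
dotnet8\t8.0.111-8.0.11-0ubuntu1~24.04.1
openssl\t3.0.13-0ubuntu3.4
"""

_CHUNK = re.compile(r"(\D*)(\d*)")  # one text run followed by one number run

def _order(c):
    # Debian ordering: '~' sorts before end-of-string (0); letters before symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:  # walk both strings chunk by chunk
        (na, da), (nb, db) = _CHUNK.match(a).groups(), _CHUNK.match(b).groups()
        a, b = a[len(na + da):], b[len(nb + db):]
        n = max(len(na), len(nb))  # pad the shorter text run with 0 (end-of-string)
        ka = ([_order(c) for c in na] + [0] * n)[:n] + [int(da or 0)]
        kb = ([_order(c) for c in nb] + [0] * n)[:n] + [int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian version strings [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    """Map package -> (installed, fixed) for listed packages below the fixed version."""
    found = {}
    for fields in map(str.split, inventory.splitlines()):
        pkg = fields[0].split(":")[0] if len(fields) == 2 else None  # drop ":amd64"
        if pkg in FIXED_2404 and deb_cmp(fields[1], FIXED_2404[pkg]) < 0:
            found[pkg] = (fields[1], FIXED_2404[pkg])
    return found
```

Calling `unpatched(SAMPLE)` flags `dotnet-host-8.0` and `dotnet8` from the constructed inventory; on a live host the same ordering is what `dpkg --compare-versions` applies.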

References

  https://ubuntu.com/security/notices/USN-7210-1

  CVE-2025-21171, CVE-2025-21172, CVE-2025-21173, CVE-2025-21176

Severity
critical

Ubuntu Security Notice USN-7210-1
