Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Ubuntu 24.10: USN-7427-1 critical: dotnet denial of service

ubuntu
Calendar Grey April 8, 2025
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-7428-1 outlines a vulnerability in Python that could permit unauthorized access via manipulated requests.
.NET could be made to crash or run programs if it received specially crafted network traffic.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: .NET could be made to crash or run programs if it received specially crafted network traffic. Software Description: - dotnet8: .NET CLI tools and runtime - dotnet9: .NET CLI tools and runtime Details: James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service.

Topics%20covered

Topics Covered

security advisory Ubuntu service denial update instruction network issue dotnet

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10   aspnetcore-runtime-8.0          8.0.15-0ubuntu1~24.10.1   aspnetcore-runtime-9.0          9.0.4-0ubuntu1~24.10.1   dotnet-host-8.0                 8.0.15-0ubuntu1~24.10.1   dotnet-host-9.0                 9.0.4-0ubuntu1~24.10.1   dotnet-hostfxr-8.0              8.0.15-0ubuntu1~24.10.1   dotnet-hostfxr-9.0              9.0.4-0ubuntu1~24.10.1   dotnet-runtime-8.0              8.0.15-0ubuntu1~24.10.1   dotnet-runtime-9.0              9.0.4-0ubuntu1~24.10.1   dotnet-sdk-8.0                  8.0.115-0ubuntu1~24.10.1   dotnet-sdk-9.0                  9.0.105-0ubuntu1~24.10.1   dotnet-sdk-aot-9.0              9.0.105-0ubuntu1~24.10.1   dotnet8                         8.0.115-8.0.15-0ubuntu1~24.10.1   dotnet9                         9.0.105-9.0.4-0ubuntu1~24.10.1 Ubuntu 24.04 LTS   aspnetcore-runtime-8.0          8.0.15-0ubuntu1~24.04.1   dotnet-host-8.0                 8.0.15-0ubuntu1~24.04.1   dotnet-hostfxr-8.0              8.0.15-0ubuntu1~24.04.1   dotnet-runtime-8.0              8.0.15-0ubuntu1~24.04.1   dotnet-sdk-8.0                  8.0.115-0ubuntu1~24.04.1   dotnet8                         8.0.115-8.0.15-0ubuntu1~24.04.1 Ubuntu 22.04 LTS   aspnetcore-runtime-8.0          8.0.15-0ubuntu1~22.04.1   dotnet-host-8.0                 8.0.15-0ubuntu1~22.04.1   dotnet-hostfxr-8.0              8.0.15-0ubuntu1~22.04.1   dotnet-runtime-8.0              8.0.15-0ubuntu1~22.04.1   dotnet-sdk-8.0                  8.0.115-0ubuntu1~22.04.1   dotnet8                         8.0.115-8.0.15-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

 

  CVE-2025-26682

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7427-1

Topics%20covered

Topics Covered

security advisory Ubuntu service denial update instruction network issue dotnet

Package Information

https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet9/9.0.105-9.0.4-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~22.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here