Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 25.04: USN-7509-1 critical risk of .NET spoofing attack

ubuntu
Calendar Grey May 19, 2025
Dist Ubuntu Esm H88
Ensure your Ubuntu installation is up to date to fix .NET vulnerabilities and safeguard against potential cyber threats.
.NET could be used to perform spoofing over a network.

Summary

.NET could be used to perform spoofing over a network.

Software Description:

- dotnet8: .NET CLI tools and runtime

- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle file names and paths

under certain conditions. An attacker could possibly use this issue to

perform spoofing over a network.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~25.04.1
  aspnetcore-runtime-9.0          9.0.5-0ubuntu1~25.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~25.04.1
  dotnet-host-9.0                 9.0.5-0ubuntu1~25.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~25.04.1
  dotnet-hostfxr-9.0              9.0.5-0ubuntu1~25.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~25.04.1
  dotnet-runtime-9.0              9.0.5-0ubuntu1~25.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~25.04.1
  dotnet-sdk-9.0                  9.0.106-0ubuntu1~25.04.1
  dotnet-sdk-aot-9.0              9.0.106-0ubuntu1~25.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~25.04.1
  dotnet9                         9.0.106-9.0.5-0ubuntu1~25.04.1

Ubuntu 24.10
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~24.10.1
  aspnetcore-runtime-9.0          9.0.5-0ubuntu1~24.10.1
  dotnet-apphost-pack-8.0         8.0.16-0ubuntu1~24.10.1
  dotnet-apphost-pack-9.0         9.0.5-0ubuntu1~24.10.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~24.10.1
  dotnet-host-9.0                 9.0.5-0ubuntu1~24.10.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~24.10.1
  dotnet-hostfxr-9.0              9.0.5-0ubuntu1~24.10.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~24.10.1
  dotnet-runtime-9.0              9.0.5-0ubuntu1~24.10.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~24.10.1
  dotnet-sdk-9.0                  9.0.106-0ubuntu1~24.10.1
  dotnet-sdk-aot-9.0              9.0.106-0ubuntu1~24.10.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~24.10.1
  dotnet9                         9.0.106-9.0.5-0ubuntu1~24.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~24.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~22.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7509-1

CVE-2025-26646

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7509-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here