Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 25.04: USN-7509-1 critical risk of .NET spoofing attack

Calendar May 19, 2025 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory ubuntu spoofing dotnet runtime alevel
.NET could be used to perform spoofing over a network. 
==========================================================================
Ubuntu Security Notice USN-7509-1
May 16, 2025

dotnet8, dotnet9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

.NET could be used to perform spoofing over a network.

Software Description:
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle file names and paths
under certain conditions. An attacker could possibly use this issue to
perform spoofing over a network.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~25.04.1
  aspnetcore-runtime-9.0          9.0.5-0ubuntu1~25.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~25.04.1
  dotnet-host-9.0                 9.0.5-0ubuntu1~25.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~25.04.1
  dotnet-hostfxr-9.0              9.0.5-0ubuntu1~25.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~25.04.1
  dotnet-runtime-9.0              9.0.5-0ubuntu1~25.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~25.04.1
  dotnet-sdk-9.0                  9.0.106-0ubuntu1~25.04.1
  dotnet-sdk-aot-9.0              9.0.106-0ubuntu1~25.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~25.04.1
  dotnet9                         9.0.106-9.0.5-0ubuntu1~25.04.1

Ubuntu 24.10
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~24.10.1
  aspnetcore-runtime-9.0          9.0.5-0ubuntu1~24.10.1
  dotnet-apphost-pack-8.0         8.0.16-0ubuntu1~24.10.1
  dotnet-apphost-pack-9.0         9.0.5-0ubuntu1~24.10.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~24.10.1
  dotnet-host-9.0                 9.0.5-0ubuntu1~24.10.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~24.10.1
  dotnet-hostfxr-9.0              9.0.5-0ubuntu1~24.10.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~24.10.1
  dotnet-runtime-9.0              9.0.5-0ubuntu1~24.10.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~24.10.1
  dotnet-sdk-9.0                  9.0.106-0ubuntu1~24.10.1
  dotnet-sdk-aot-9.0              9.0.106-0ubuntu1~24.10.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~24.10.1
  dotnet9                         9.0.106-9.0.5-0ubuntu1~24.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~24.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.16-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.16-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.16-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.16-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.116-0ubuntu1~22.04.1
  dotnet8                         8.0.116-8.0.16-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7509-1
  CVE-2025-26646

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~25.04.1
  https://launchpad.net/ubuntu/+source/dotnet9/9.0.106-9.0.5-0ubuntu1~25.04.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~24.10.1
  https://launchpad.net/ubuntu/+source/dotnet9/9.0.106-9.0.5-0ubuntu1~24.10.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~24.04.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~22.04.1

Ubuntu 25.04: USN-7509-1 critical risk of .NET spoofing attack

ubuntu
Calendar Grey May 19, 2025
Dist Ubuntu Esm H88
Ensure your Ubuntu installation is up to date to fix .NET vulnerabilities and safeguard against potential cyber threats.
.NET could be used to perform spoofing over a network.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: .NET could be used to perform spoofing over a network. Software Description: - dotnet8: .NET CLI tools and runtime - dotnet9: .NET CLI tools and runtime Details: It was discovered that .NET did not properly handle file names and paths under certain conditions. An attacker could possibly use this issue to perform spoofing over a network.

Topics%20covered

Topics Covered

security advisory ubuntu spoofing dotnet runtime alevel

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 aspnetcore-runtime-8.0 8.0.16-0ubuntu1~25.04.1 aspnetcore-runtime-9.0 9.0.5-0ubuntu1~25.04.1 dotnet-host-8.0 8.0.16-0ubuntu1~25.04.1 dotnet-host-9.0 9.0.5-0ubuntu1~25.04.1 dotnet-hostfxr-8.0 8.0.16-0ubuntu1~25.04.1 dotnet-hostfxr-9.0 9.0.5-0ubuntu1~25.04.1 dotnet-runtime-8.0 8.0.16-0ubuntu1~25.04.1 dotnet-runtime-9.0 9.0.5-0ubuntu1~25.04.1 dotnet-sdk-8.0 8.0.116-0ubuntu1~25.04.1 dotnet-sdk-9.0 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-aot-9.0 9.0.106-0ubuntu1~25.04.1 dotnet8 8.0.116-8.0.16-0ubuntu1~25.04.1 dotnet9 9.0.106-9.0.5-0ubuntu1~25.04.1 Ubuntu 24.10 aspnetcore-runtime-8.0 8.0.16-0ubuntu1~24.10.1 aspnetcore-runtime-9.0 9.0.5-0ubuntu1~24.10.1 dotnet-apphost-pack-8.0 8.0.16-0ubuntu1~24.10.1 dotnet-apphost-pack-9.0 9.0.5-0ubuntu1~24.10.1 dotnet-host-8.0 8.0.16-0ubuntu1~24.10.1 dotnet-host-9.0 9.0.5-0ubuntu1~24.10.1 dotnet-hostfxr-8.0 8.0.16-0ubuntu1~24.10.1 dotnet-hostfxr-9.0 9.0.5-0ubuntu1~24.10.1 dotnet-runtime-8.0 8.0.16-0ubuntu1~24.10.1 dotnet-runtime-9.0 9.0.5-0ubuntu1~24.10.1 dotnet-sdk-8.0 8.0.116-0ubuntu1~24.10.1 dotnet-sdk-9.0 9.0.106-0ubuntu1~24.10.1 dotnet-sdk-aot-9.0 9.0.106-0ubuntu1~24.10.1 dotnet8 8.0.116-8.0.16-0ubuntu1~24.10.1 dotnet9 9.0.106-9.0.5-0ubuntu1~24.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-8.0 8.0.16-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.16-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.16-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.16-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.116-0ubuntu1~24.04.1 dotnet8 8.0.116-8.0.16-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.16-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.16-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.16-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.16-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.116-0ubuntu1~22.04.1 dotnet8 8.0.116-8.0.16-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7509-1

CVE-2025-26646

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7509-1

Topics%20covered

Topics Covered

security advisory ubuntu spoofing dotnet runtime alevel

Package Information

https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~25.04.1 https://launchpad.net/ubuntu/+source/dotnet9/9.0.106-9.0.5-0ubuntu1~25.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet9/9.0.106-9.0.5-0ubuntu1~24.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.116-8.0.16-0ubuntu1~22.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here