Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 25.10 .NET Important Denial of Service USN-8176-1

ubuntu
Calendar Grey April 16, 2026
Dist Ubuntu Esm H88
Several security issues in .NET have been resolved for Ubuntu versions, ensuring system integrity and service availability.
Several security issues were fixed in .NET.

Summary

Several security issues were fixed in .NET.

Software Description:

- dotnet10: .NET CLI tools and runtime

- dotnet8: .NET CLI tools and runtime

- dotnet9: .NET CLI tools and runtime

Details:

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml

library in .NET incorrectly handled certain XML inputs. An attacker could

possibly use this issue to consume excessive resources, resulting in a

denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the

System.Security.Cryptography.Xml library in .NET incorrectly handled

certain XML inputs. An attacker could possibly use this issue to cause

.NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET

incorrectly handled certain inputs. An attacker could possibly use this

issue to perform a network spoofing attack. (CVE-2026-32178)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  aspnetcore-runtime-10.0         10.0.6-0ubuntu1~25.10.1
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~25.10.1
  aspnetcore-runtime-9.0          9.0.15-0ubuntu1~25.10.1
  dotnet-host-10.0                10.0.6-0ubuntu1~25.10.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~25.10.1
  dotnet-host-9.0                 9.0.15-0ubuntu1~25.10.1
  dotnet-hostfxr-10.0             10.0.6-0ubuntu1~25.10.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~25.10.1
  dotnet-hostfxr-9.0              9.0.15-0ubuntu1~25.10.1
  dotnet-runtime-10.0             10.0.6-0ubuntu1~25.10.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~25.10.1
  dotnet-runtime-9.0              9.0.15-0ubuntu1~25.10.1
  dotnet-sdk-10.0                 10.0.106-0ubuntu1~25.10.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~25.10.1
  dotnet-sdk-9.0                  9.0.116-0ubuntu1~25.10.1
  dotnet-sdk-aot-10.0             10.0.106-0ubuntu1~25.10.1
  dotnet-sdk-aot-9.0              9.0.116-0ubuntu1~25.10.1
  dotnet10                        10.0.106-10.0.6-0ubuntu1~25.10.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~25.10.1
  dotnet9                         9.0.116-9.0.15-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
  aspnetcore-runtime-10.0         10.0.6-0ubuntu1~24.04.1
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~24.04.1
  dotnet-host-10.0                10.0.6-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~24.04.1
  dotnet-hostfxr-10.0             10.0.6-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~24.04.1
  dotnet-runtime-10.0             10.0.6-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~24.04.1
  dotnet-sdk-10.0                 10.0.106-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~24.04.1
  dotnet-sdk-aot-10.0             10.0.106-0ubuntu1~24.04.1
  dotnet10                        10.0.106-10.0.6-0ubuntu1~24.04.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.26-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.26-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.26-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.26-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.126-0ubuntu1~22.04.1
  dotnet8                         8.0.126-8.0.26-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8176-1

CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8176-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.