Explore top 10 tips to secure your open-source projects now. Read More
×
.NET could be made to crash or run programs as an administrator.
Software Description:
- dotnet10: .NET CLI tools and runtime
Details:
It was discovered that the Microsoft.AspNetCore.DataProtection library in
.NET did not properly verify cryptographic signatures under certain
conditions. A remote attacker could possibly use this issue to elevate
privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~25.10.1 dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~24.04.1 dotnet10 10.0.107-10.0.7-0ubuntu1~24.04.1 After a standard system update, it is recommended to rotate the DataProtection key ring.
https://ubuntu.com/security/notices/USN-8215-1
CVE-2026-40372
Get the latest Linux and open source security news straight to your inbox.