Alerts This Week
Warning Icon 1 792
Alerts This Week
Warning Icon 1 792

Ubuntu 26.04 LTS Dotnet Critical Denial of Service Threat USN-8420-1

ubuntu
Calendar Grey June 11, 2026
Dist Ubuntu Esm H88
Security fixes for .NET on multiple Ubuntu versions include mitigating file tampering and denial of service threats.
Several security issues were fixed in .NET.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in .NET. Software Description: - dotnet10: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime - dotnet9: .NET CLI tools and runtime Details: It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this issue to perform unauthorized file tampering and write arbitrary files outside of the intended extraction directory. (CVE-2026-45491) It was discovered that .NET did not properly handle deeply-nested MessagePack arrays. An attacker could use this to cause .NET to consume excessive resources, resulting in a denial of service. (CVE-2026-45591)

Topics%20covered

Topics Covered

security advisory moderate denial of service Ubuntu dotnet file tampering

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS aspnetcore-runtime-10.0 10.0.9-0ubuntu1~26.04.1 dotnet-host-10.0 10.0.9-0ubuntu1~26.04.1 dotnet-hostfxr-10.0 10.0.9-0ubuntu1~26.04.1 dotnet-runtime-10.0 10.0.9-0ubuntu1~26.04.1 dotnet-sdk-10.0 10.0.109-0ubuntu1~26.04.1 dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~26.04.1 dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~26.04.1 dotnet10 10.0.109-10.0.9-0ubuntu1~26.04.1 Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.9-0ubuntu1~25.10.1 aspnetcore-runtime-8.0 8.0.28-0ubuntu1~25.10.1 aspnetcore-runtime-9.0 9.0.17-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.9-0ubuntu1~25.10.1 dotnet-host-8.0 8.0.28-0ubuntu1~25.10.1 dotnet-host-9.0 9.0.17-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.9-0ubuntu1~25.10.1 dotnet-hostfxr-8.0 8.0.28-0ubuntu1~25.10.1 dotnet-hostfxr-9.0 9.0.17-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.9-0ubuntu1~25.10.1 dotnet-runtime-8.0 8.0.28-0ubuntu1~25.10.1 dotnet-runtime-9.0 9.0.17-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.109-0ubuntu1~25.10.1 dotnet-sdk-8.0 8.0.128-0ubuntu1~25.10.1 dotnet-sdk-9.0 9.0.118-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~25.10.1 dotnet-sdk-aot-9.0 9.0.118-0ubuntu1~25.10.1 dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~25.10.1 dotnet-sdk-dbg-9.0 9.0.118-0ubuntu1~25.10.1 dotnet10 10.0.109-10.0.9-0ubuntu1~25.10.1 dotnet8 8.0.128-8.0.28-0ubuntu1~25.10.1 dotnet9 9.0.118-9.0.17-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.9-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.28-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.9-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.28-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.9-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.28-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.9-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.28-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.109-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.128-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~24.04.1 dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~24.04.1 dotnet10 10.0.109-10.0.9-0ubuntu1~24.04.1 dotnet8 8.0.128-8.0.28-0ubuntu1~24.04.1 Ubuntu 22.04 LTS aspnetcore-runtime-8.0 8.0.28-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.28-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.28-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.28-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.128-0ubuntu1~22.04.1 dotnet8 8.0.128-8.0.28-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8420-1

CVE-2026-45491, CVE-2026-45591

Severity
moderate
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8420-1

Topics%20covered

Topics Covered

security advisory moderate denial of service Ubuntu dotnet file tampering

Package Information

https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~26.04.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet9/9.0.118-9.0.17-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~22.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here