Explore top 10 tips to secure your open-source projects now. Read More
×.NET could be made to crash or run programs as an administrator.. ========================================================================== Ubuntu Security Notice USN-8215-1 April 28, 2026 dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: .NET could be made to crash or run programs as an administrator. Software Description: - dotnet10: .NET CLI tools and runtime Details: It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~25.10.1 dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~24.04.1 dotnet10 10.0.107-10.0.7-0ubuntu1~24.04.1 After a standard system update, it is recommended to rotate the DataProtection key ring. References: https://ubuntu.com/security/notices/USN-8215-1 CVE-2026-40372 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~24.04.1 . Critical .NET vulnerability in Ubuntu allows privilege elevation and remote code execution. Update systems promptly for security.. dotnet, ubuntu, security advisory, privilege elevation, remote execution. . Severity: Critical. LinuxSecurity.com Team
RapidJSON could be made to crash or run programs as an administrator if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-8189-1 April 20, 2026 rapidjson vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: RapidJSON could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description: - rapidjson: A fast JSON parser/generator for C++ Details: It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the potential disclosure of sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS rapidjson-dev 1.1.0+dfsg2-7.2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS rapidjson-dev 1.1.0+dfsg2-7ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS rapidjson-dev 1.1.0+dfsg2-5ubuntu1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS rapidjson-dev 1.1.0+dfsg2-3ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS rapidjson-dev 0.12~git20141031-3ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8189-1 CVE-2024-39684 . RapidJSON in Ubuntucould crash or run programs due to integer overflow, urging updates for security measures.. Ubuntu Security Notice, RapidJSON, JSON Parser Security, Elevation of Privilege, Integer Overflow. . Severity: Important. LinuxSecurity.com Team
* bsc#1239460 Cross-References: * CVE-2025-24049 . # Security update for azure-cli-core Announcement ID: SUSE-SU-2025:1182-1 Release Date: 2025-04-09T10:12:44Z Rating: important References: * bsc#1239460 Cross-References: * CVE-2025-24049 CVSS scores: * CVE-2025-24049 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-24049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-24049 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Public Cloud Module 15-SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for azure-cli-core fixes the following issues: * CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-1182=1 ## Package List: * Public Cloud Module 15-SP3 (noarch) * azure-cli-core-2.36.0-150200.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-24049.html * https://bugzilla.suse.com/show_bug.cgi?id=1239460 . Essential patch for azure-cli-core on SUSE resolving elevation of privilege vulnerability. Apply suggested updates promptly.. Azure CLI Core Security, SUSE Security Update, Privilege Escalation Fix. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for azure-cli-core Announcement ID: SUSE-SU-2025:1019-1 Release Date: 2025-03-26T10:27:44Z Rating: important References: * bsc#1239460 Cross-References: * CVE-2025-24049 CVSS scores: * CVE-2025-24049 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-24049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-24049 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for azure-cli-core fixes the following issues: * CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-1019=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1019=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-1019=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-1019=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-1019=1 ## Package List: * openSUSE Leap 15.4 (noarch) * azure-cli-core-2.58.0-150400.14.6.1 * openSUSE Leap 15.6 (noarch) * azure-cli-core-2.58.0-150400.14.6.1 * Public Cloud Module 15-SP4 (noarch) * azure-cli-core-2.58.0-150400.14.6.1 * Public Cloud Module 15-SP5 (noarch) * azure-cli-core-2.58.0-150400.14.6.1 * Public Cloud Module 15-SP6 (noarch) * azure-cli-core-2.58.0-150400.14.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-24049.html * https://bugzilla.suse.com/show_bug.cgi?id=1239460 . An important advisory for openSUSE addressing an elevation of privilege issue in azure-cli-core, CVE-2025-24049.. update, solves, vulnerability, installed, security, azure-cli-core. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in proftpd-dfsg.. ========================================================================== Ubuntu Security Notice USN-7297-1 February 25, 2025 ProFTPD vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in proftpd-dfsg. Software Description: - proftpd-dfsg: Versatile, virtual-hosting FTP daemon Details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795) Martin Mirchev discovered that ProFTPD did not properly validate user input over the network. An attacker could use this vulnerability to crash ProFTPD or execute arbitrary code. (CVE-2023-51713) Brian Ristuccia discovered that ProFTPD incorrectly inherited groups from the parent process. An attacker could use this vulnerability to elevate privileges. (CVE-2024-48651) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 proftpd-core 1.3.8.b+dfsg-2ubuntu1.24.10.1 Ubuntu 24.04 LTS proftpd-core 1.3.8.b+dfsg-1ubuntu0.1 Ubuntu 22.04 LTS proftpd-basic 1.3.7c+dfsg-1ubuntu0.1 proftpd-core 1.3.7c+dfsg-1ubuntu0.1 Ubuntu 20.04 LTS proftpd-basic 1.3.6c-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7297-1 CVE-2023-48795, CVE-2023-51713, CVE-2024-48651 Package Information: https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.8.b+dfsg-2ubuntu1.24.10.1 https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.8.b+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.7c+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.6c-2ubuntu0.1 . The CVE-2023-3456 security bulletin for OpenSSH highlights severe holes across various Debian distributions, bolstering platform security.. Ubuntu ProFTPD Security, ProFTPD Threats, Linux Security Patches. . Severity: Critical. LinuxSecurity.com Team
Important: .NET 8.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:0381", "synopsis": "Important: .NET 8.0 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dotnet8.0.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12.\n\nSecurity Fix(es):\n\n* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):\n\n* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n\n* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2337893", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337893", "description": ""}, {"ticket": "2337926", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337926", "description": ""}, {"ticket":"2337927", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337927", "description": ""}], "cves": [{"name": "CVE-2025-21172", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21172", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-21173", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21173", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-21176", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21176", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-02-13T20:34:26.141542Z", "rpms": {"Rocky Linux 8": {"nvras": ["aspnetcore-runtime-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "aspnetcore-runtime-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "aspnetcore-runtime-dbg-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "aspnetcore-runtime-dbg-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "aspnetcore-targeting-pack-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "aspnetcore-targeting-pack-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet8.0-0:8.0.112-1.el8_10.src.rpm", "dotnet8.0-debuginfo-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet8.0-debuginfo-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet8.0-debugsource-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet8.0-debugsource-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet-apphost-pack-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-apphost-pack-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-apphost-pack-8.0-debuginfo-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-apphost-pack-8.0-debuginfo-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-hostfxr-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-hostfxr-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-hostfxr-8.0-debuginfo-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-hostfxr-8.0-debuginfo-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-runtime-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-runtime-8.0-0:8.0.12-1.el8_10.x86_64.rpm","dotnet-runtime-8.0-debuginfo-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-runtime-8.0-debuginfo-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-runtime-dbg-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-runtime-dbg-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-sdk-8.0-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet-sdk-8.0-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet-sdk-8.0-debuginfo-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet-sdk-8.0-debuginfo-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet-sdk-8.0-source-built-artifacts-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet-sdk-8.0-source-built-artifacts-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet-sdk-dbg-8.0-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet-sdk-dbg-8.0-0:8.0.112-1.el8_10.x86_64.rpm", "dotnet-targeting-pack-8.0-0:8.0.12-1.el8_10.aarch64.rpm", "dotnet-targeting-pack-8.0-0:8.0.12-1.el8_10.x86_64.rpm", "dotnet-templates-8.0-0:8.0.112-1.el8_10.aarch64.rpm", "dotnet-templates-8.0-0:8.0.112-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Major patch for .NET 8.0 addresses significant security flaws in Rocky Linux 8, including the potential for remote code execution exploits.. Rocky Linux 8, .NET security, Remote Code Execution, security update. . Severity: Important. LinuxSecurity.com Team
Important: .NET 9.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:0382", "synopsis": "Important: .NET 9.0 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for dotnet9.0.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1.\n\nSecurity Fix(es):\n\n* dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):\n\n* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)\n\n* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)\n\n* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)\n\n* dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2337893", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337893", "description": ""}, {"ticket":"2337926", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337926", "description": ""}, {"ticket": "2337927", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337927", "description": ""}, {"ticket": "2337958", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2337958", "description": ""}], "cves": [{"name": "CVE-2025-21171", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21171", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-21172", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21172", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-21173", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21173", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2025-21176", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-21176", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-02-13T20:34:26.141542Z", "rpms": {"Rocky Linux 8": {"nvras": ["aspnetcore-runtime-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "aspnetcore-runtime-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "aspnetcore-targeting-pack-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "aspnetcore-targeting-pack-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet9.0-0:9.0.102-1.el8_10.src.rpm", "dotnet9.0-debuginfo-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet9.0-debuginfo-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet9.0-debugsource-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet9.0-debugsource-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet-apphost-pack-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-apphost-pack-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-apphost-pack-9.0-debuginfo-0:9.0.1-1.el8_10.aarch64.rpm","dotnet-apphost-pack-9.0-debuginfo-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-host-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-host-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-host-debuginfo-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-host-debuginfo-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-hostfxr-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-hostfxr-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-hostfxr-9.0-debuginfo-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-hostfxr-9.0-debuginfo-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-runtime-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-runtime-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-runtime-9.0-debuginfo-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-runtime-9.0-debuginfo-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-sdk-9.0-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet-sdk-9.0-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet-sdk-9.0-debuginfo-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet-sdk-9.0-debuginfo-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet-sdk-9.0-source-built-artifacts-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet-sdk-9.0-source-built-artifacts-0:9.0.102-1.el8_10.x86_64.rpm", "dotnet-targeting-pack-9.0-0:9.0.1-1.el8_10.aarch64.rpm", "dotnet-targeting-pack-9.0-0:9.0.1-1.el8_10.x86_64.rpm", "dotnet-templates-9.0-0:9.0.102-1.el8_10.aarch64.rpm", "dotnet-templates-9.0-0:9.0.102-1.el8_10.x86_64.rpm", "netstandard-targeting-pack-2.1-0:9.0.102-1.el8_10.aarch64.rpm", "netstandard-targeting-pack-2.1-0:9.0.102-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Recent .NET 9.0 updates focus on security improvements, especially for Rocky Linux users, addressing remote code execution threats effectively in applications.. dotnet security update, Rocky Linux advisory, .NET 9.0 update, security patch. . Severity: Important. LinuxSecurity.com Team
This is the January 2025 security and bugfix release for .NET 8.0. It updates the SDK to version 8.0.112 and Runtime to version 8.0.12. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.112.md . -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-bd8f5a599b 2025-01-29 05:01:23.704604+00:00 -------------------------------------------------------------------------------- Name : dotnet8.0 Product : Fedora 41 Version : 8.0.112 Release : 1.fc41 URL : https://github.com/dotnet/ Summary : .NET Runtime and SDK Description : .NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. -------------------------------------------------------------------------------- Update Information: This is the January 2025 security and bugfix release for .NET 8.0. It updates the SDK to version 8.0.112 and Runtime to version 8.0.12. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.112.md Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.12/8.0.12.md -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 16 2025 Omair Majid - 8.0.112-1 - Update to .NET SDK 8.0.112 and Runtime 8.0.12 * Thu Jan 16 2025 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Dec 10 2024 Omair Majid - 8.0.111-2 - Fix ELN build - Resolves: RHBZ#2321109 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2338064 - CVE-2025-21172 dotnet8.0:.NET and Visual Studio Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338064 [ 2 ] Bug #2338069 - CVE-2025-21173 dotnet8.0: .NET Elevation of Privilege Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338069 [ 3 ] Bug #2338073 - CVE-2025-21176 dotnet8.0: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2338073 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bd8f5a599b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.