UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime
Latest version: 8.0.121-8.0.21-0ubuntu1~24.04.1
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet8"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet8" in Noble

Repository Area Version
base main 8.0.104-8.0.4-0ubuntu1
base universe 8.0.104-0ubuntu1
security main 8.0.121-8.0.21-0ubuntu1~24.04.1
security universe 8.0.121-0ubuntu1~24.04.1
updates universe 8.0.121-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.121-8.0.21-0ubuntu1~24.04.1 2025-10-14 22:07:28 UTC

  dotnet8 (8.0.121-8.0.21-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2025-55247: A vulnerability exists in .NET Core where predictable
      paths for MSBuild's temporary directories on Linux let another user
      create the directories ahead of MSBuild, leading to DoS of builds.
  * SECURITY UPDATE: validation bypass
    - CVE-2025-55315: Inconsistent interpretation of http requests
      ('http request/response smuggling') in ASP.NET Core allows an authorized
      attacker to bypass a security feature over a network.
  * SECURITY UPDATE: information disclosure
    - CVE-2025-55248: MITM (man in the middle) attacker may prevent use of TLS
      between client and SMTP server, forcing client to send data over
      unencrypted connection.
  * eng/test-runner: sync changes with upstream
  * tests/control, tests/regular-tests: sync changes with upstream
  * debian/rules: use release.json manifest instead of legacy text file

 -- Dominik Viererbe <email address hidden> Wed, 08 Oct 2025 13:49:14 +0300
Source diff to previous version
CVE-2025-55247 Improper link resolution before file access ('link following') in .NET ...
CVE-2025-55315 Inconsistent interpretation of http requests ('http request/response s ...
CVE-2025-55248 Inadequate encryption strength in .NET, .NET Framework, Visual Studio ...

Version: 8.0.120-8.0.20-0ubuntu1~24.04.1 2025-09-23 14:07:21 UTC

  dotnet8 (8.0.120-8.0.20-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2122356)

 -- Dominik Viererbe <email address hidden> Mon, 08 Sep 2025 20:48:08 +0300
Source diff to previous version
2122356 [SRU] New upstream microrelease .NET 8.0.120/8.0.20

Version: 8.0.119-8.0.19-0ubuntu1~24.04.1 2025-08-15 01:07:09 UTC

  dotnet8 (8.0.119-8.0.19-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2119537)

 -- Dominik Viererbe <email address hidden> Tue, 05 Aug 2025 16:37:26 +0300
Source diff to previous version
2119537 [SRU] New upstream microrelease .NET 8.0.119/8.0.19

Version: 8.0.118-8.0.18-0ubuntu1~24.04.1 2025-07-18 00:13:54 UTC

  dotnet8 (8.0.118-8.0.18-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2115829)

 -- Dominik Viererbe <email address hidden> Wed, 02 Jul 2025 16:38:30 +0300
Source diff to previous version
2115829 [SRU] New upstream microrelease .NET 8.0.118/8.0.18

Version: 8.0.117-8.0.17-0ubuntu1~24.04.1 2025-06-10 22:07:50 UTC

  dotnet8 (8.0.117-8.0.17-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2025-30399: DLL Hijacking Remote Code Execution Vulnerability.
      When using the Download File task in Microsoft.NETCore.App.Runtime,
      omitting the DestinationFileName in the task invocation may expose
      users to remote file hijacking if the server is malicious.

 -- Dominik Viererbe <email address hidden> Mon, 09 Jun 2025 12:16:30 +0300


About   -   Send Feedback to @ubuntu_updates