UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime
Latest version: 8.0.118-8.0.18-0ubuntu1~24.04.1
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet8"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet8" in Noble

Repository Area Version
base main 8.0.104-8.0.4-0ubuntu1
base universe 8.0.104-0ubuntu1
security main 8.0.117-8.0.17-0ubuntu1~24.04.1
security universe 8.0.117-0ubuntu1~24.04.1
updates universe 8.0.118-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.118-8.0.18-0ubuntu1~24.04.1 2025-07-18 00:13:54 UTC

  dotnet8 (8.0.118-8.0.18-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2115829)

 -- Dominik Viererbe <email address hidden> Wed, 02 Jul 2025 16:38:30 +0300
Source diff to previous version
2115829 [SRU] New upstream microrelease .NET 8.0.118/8.0.18

Version: 8.0.117-8.0.17-0ubuntu1~24.04.1 2025-06-10 22:07:50 UTC

  dotnet8 (8.0.117-8.0.17-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2025-30399: DLL Hijacking Remote Code Execution Vulnerability.
      When using the Download File task in Microsoft.NETCore.App.Runtime,
      omitting the DestinationFileName in the task invocation may expose
      users to remote file hijacking if the server is malicious.

 -- Dominik Viererbe <email address hidden> Mon, 09 Jun 2025 12:16:30 +0300
Source diff to previous version

Version: 8.0.116-8.0.16-0ubuntu1~24.04.1 2025-05-14 03:07:58 UTC

  dotnet8 (8.0.116-8.0.16-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: spoofing vulnerability
    - CVE-2025-26646: .NET and Visual Studio Spoofing Vulnerability
  * Remove strict bootstrapping artifact RID matching. Strict matching caused
    issues during bootstrapping of .NET for a new Ubuntu series, because it
    was build with the binary artifact of the previous series, which caused
    the RIDs not to match. (LP: #2110033) Affected files:
    - debian/rules
    - debian/eng/source_build_artifact_path.py
    - debian/tests/build-time-tests/tests.py

 -- Dominik Viererbe <email address hidden> Tue, 06 May 2025 13:59:06 +0300
Source diff to previous version
2110033 Disable strict bootstrapping artifact RID matching

Version: 8.0.115-8.0.15-0ubuntu1~24.04.1 2025-04-09 04:07:39 UTC

  dotnet8 (8.0.115-8.0.15-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2025-26682: DoS - ASP.NET Core denial of service with HTTP/3

 -- Dominik Viererbe <email address hidden> Fri, 04 Apr 2025 12:32:57 +0300
Source diff to previous version
CVE-2025-26682 Allocation of resources without limits or throttling in ASP.NET Core a ...

Version: 8.0.114-8.0.14-0ubuntu1~24.04.1 2025-03-12 01:06:52 UTC

  dotnet8 (8.0.114-8.0.14-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2101028)
  * SECURITY UPDATE: elevation of privilege
    - CVE-2025-24070: EoP - Potential Security Risk in
      SignInManager.RefreshSignInAsync Method
  * debian/control:
    - moved Suggests dotnet-runtime-dbg-8.0 from dotnet8 to dotnet-runtime-8.0
    - moved Suggests aspnetcore-runtime-dbg-8.0 from dotnet8 to aspnetcore-runtime-8.0
    - moved Suggests dotnet-sdk-dbg-8.0 from dotnet8 to dotnet-sdk-8.0

 -- Dominik Viererbe <email address hidden> Thu, 06 Mar 2025 11:24:30 +0200
2101028 New upstream microrelease 8.0.114 / 8.0.14
CVE-2025-24070 Weak authentication in ASP.NET Core &amp; Visual Studio allows an unau ...


About   -   Send Feedback to @ubuntu_updates