Package "dotnet9"

Name:	dotnet9
Description:	.NET CLI tools and runtime
Latest version:	9.0.107-9.0.6-0ubuntu1~25.04.1
Release:	plucky (25.04)
Level:	security
Repository:	universe
Homepage:	https://dot.net

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "dotnet9"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "dotnet9" in Plucky

Repository	Area	Version
base	universe	9.0.105-9.0.4-0ubuntu1
updates	universe	9.0.107-9.0.6-0ubuntu1~25.04.1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 9.0.107-9.0.6-0ubuntu1~25.04.1 2025-06-10 20:37:54 UTC

Version: 9.0.107-9.0.6-0ubuntu1~25.04.1	2025-06-10 20:37:54 UTC
dotnet9 (9.0.107-9.0.6-0ubuntu1~25.04.1) plucky; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2025-30399: DLL Hijacking Remote Code Execution Vulnerability. When using the Download File task in Microsoft.NETCore.App.Runtime, omitting the DestinationFileName in the task invocation may expose users to remote file hijacking if the server is malicious. -- Dominik Viererbe <email address hidden> Mon, 09 Jun 2025 12:16:30 +0300
Source diff to previous version

dotnet9 (9.0.107-9.0.6-0ubuntu1~25.04.1) plucky; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2025-30399: DLL Hijacking Remote Code Execution Vulnerability. When using the Download File task in Microsoft.NETCore.App.Runtime, omitting the DestinationFileName in the task invocation may expose users to remote file hijacking if the server is malicious. -- Dominik Viererbe <email address hidden> Mon, 09 Jun 2025 12:16:30 +0300

Source diff to previous version

Version: 9.0.106-9.0.5-0ubuntu1~25.04.1 2025-05-16 03:07:14 UTC

dotnet9 (9.0.106-9.0.5-0ubuntu1~25.04.1) plucky; urgency=medium * New upstream release * SECURITY UPDATE: spoofing vulnerability - CVE-2025-26646: .NET and Visual Studio Spoofing Vulnerability * Remove strict bootstrapping artifact RID matching. Strict matching caused issues during bootstrapping of .NET for a new Ubuntu series, because it was build with the binary artifact of the previous series, which caused the RIDs not to match. (LP: #2110033) Affected files: - debian/rules - debian/eng/source_build_artifact_path.py - debian/tests/build-time-tests/tests.py -- Dominik Viererbe <email address hidden> Tue, 06 May 2025 13:59:06 +0300

2110033	Disable strict bootstrapping artifact RID matching
CVE-2025-26646	External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing ove

About - Send Feedback to @ubuntu_updates

Package "dotnet9"

Links

Download "dotnet9"

Other versions of "dotnet9" in Plucky

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

security

proposed

PPA updates