Package "dotnet8"

Name:	dotnet8
Description:	.NET CLI tools and runtime
Latest version:	8.0.110-8.0.10-0ubuntu1~22.04.1
Release:	jammy (22.04)
Level:	security
Repository:	main
Homepage:	https://dot.net

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "dotnet8"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "dotnet8" in Jammy

Repository	Area	Version
updates	main	8.0.110-8.0.10-0ubuntu1~22.04.1
proposed	main	8.0.111-8.0.11-0ubuntu1~22.04.1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 8.0.110-8.0.10-0ubuntu1~22.04.1 2024-10-08 20:07:05 UTC

Version: 8.0.110-8.0.10-0ubuntu1~22.04.1	2024-10-08 20:07:05 UTC
dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to remote code execution. * SECURITY UPDATE: denial of service - CVE-2024-43483: Multiple .NET components designed to process hostile input are susceptible to hash flooding attacks. * SECURITY UPDATE: denial of service - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of SortedList. * SECURITY UPDATE: denial of service - CVE-2024-43485: Denial of Service attack against System.Text.Json ExtensionData feature. -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:14 +0300
Source diff to previous version

dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to remote code execution. * SECURITY UPDATE: denial of service - CVE-2024-43483: Multiple .NET components designed to process hostile input are susceptible to hash flooding attacks. * SECURITY UPDATE: denial of service - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of SortedList. * SECURITY UPDATE: denial of service - CVE-2024-43485: Denial of Service attack against System.Text.Json ExtensionData feature. -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:14 +0300

Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~22.04.1 2024-08-13 20:07:10 UTC

dotnet8 (8.0.108-8.0.8-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: information disclosure - CVE-2024-38167: information disclosure vulnerability in TlsStream. -- Ian Constantin <email address hidden> Thu, 08 Aug 2024 16:43:10 +0300

Source diff to previous version

CVE-2024-38167

.NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~22.04.1 2024-07-09 22:07:14 UTC

dotnet8 (8.0.107-8.0.7-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-30105: Denial of service vulnerability in System.Text.Json deserialization. * SECURITY UPDATE: denial of service - CVE-2024-35264: Denial of service in ASP.NET Core 8. * SECURITY UPDATE: denial of service - CVE-2024-38095: Denial of service in parsing X.509 Content and ObjectIdentifiers. * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY connection method updated. -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:56:00 +0300

Source diff to previous version

CVE-2024-30105	.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095	.NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~22.04.1 2024-05-15 15:06:57 UTC

dotnet8 (8.0.105-8.0.5-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: stack buffer overflow - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse routine allows for remote code execution. * SECURITY UPDATE: resource dead-lock - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a denial of service. -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:36 +0300

Source diff to previous version

CVE-2024-30045	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046	Visual Studio Denial of Service Vulnerability

Version: 8.0.103-8.0.3-0ubuntu1~22.04.1 2024-04-18 23:07:11 UTC

dotnet8 (8.0.103-8.0.3-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support. -- Ian Constantin <email address hidden> Fri, 08 Mar 2024 10:26:16 +0200

CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

About - Send Feedback to @ubuntu_updates

Package "dotnet8"

Links

Download "dotnet8"

Other versions of "dotnet8" in Jammy

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates