UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime

Latest version: 8.0.111-8.0.11-0ubuntu1~22.04.1
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links


Download "dotnet8"


Other versions of "dotnet8" in Jammy

Repository Area Version
security main 8.0.110-8.0.10-0ubuntu1~22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.111-8.0.11-0ubuntu1~22.04.1 2024-12-10 18:06:59 UTC

  dotnet8 (8.0.111-8.0.11-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2087882)

 -- Dominik Viererbe <email address hidden> Fri, 08 Nov 2024 18:16:21 +0200

Source diff to previous version
2087882 [SRU] New upstream microrelease .NET 8.0.111/8.0.11

Version: 8.0.110-8.0.10-0ubuntu1~22.04.1 2024-10-08 21:09:48 UTC

  dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:14 +0300

Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~22.04.1 2024-08-13 22:07:07 UTC

  dotnet8 (8.0.108-8.0.8-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: information disclosure
    - CVE-2024-38167: information disclosure vulnerability in TlsStream.

 -- Ian Constantin <email address hidden> Thu, 08 Aug 2024 16:43:10 +0300

Source diff to previous version
CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~22.04.1 2024-07-09 23:07:07 UTC

  dotnet8 (8.0.107-8.0.7-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-30105: Denial of service vulnerability in System.Text.Json
      deserialization.
  * SECURITY UPDATE: denial of service
    - CVE-2024-35264: Denial of service in ASP.NET Core 8.
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:56:00 +0300

Source diff to previous version
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~22.04.1 2024-05-15 16:07:07 UTC

  dotnet8 (8.0.105-8.0.5-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.

 -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:36 +0300

CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046 Visual Studio Denial of Service Vulnerability



About   -   Send Feedback to @ubuntu_updates