UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime
Latest version: 8.0.110-8.0.10-0ubuntu1~24.04.1
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet8"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet8" in Noble

Repository Area Version
base main 8.0.104-8.0.4-0ubuntu1
base universe 8.0.104-0ubuntu1
security universe 8.0.110-0ubuntu1~24.04.1
updates main 8.0.110-8.0.10-0ubuntu1~24.04.1
updates universe 8.0.110-0ubuntu1~24.04.1
proposed main 8.0.111-8.0.11-0ubuntu1~24.04.1
proposed universe 8.0.111-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.110-8.0.10-0ubuntu1~24.04.1 2024-10-08 20:07:09 UTC

  dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:18 +0300
Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~24.04.1 2024-08-13 20:07:14 UTC

  dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: information disclosure
    - CVE-2024-38167: information disclosure vulnerability in TlsStream.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Fri, 09 Aug 2024 09:43:27 +0300
Source diff to previous version
CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~24.04.1 2024-07-09 22:07:22 UTC

  dotnet8 (8.0.107-8.0.7-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-30105: Denial of service vulnerability in System.Text.Json
      deserialization.
  * SECURITY UPDATE: denial of service
    - CVE-2024-35264: Denial of service in ASP.NET Core 8.
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:55:58 +0300
Source diff to previous version
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~24.04.1 2024-05-15 15:07:01 UTC

  dotnet8 (8.0.105-8.0.5-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.
  * debian/patches/0001-fix-clang18-build.patch: refreshed patch to remove
    new upstream inclusions.

 -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:30 +0300
CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046 Visual Studio Denial of Service Vulnerability


About   -   Send Feedback to @ubuntu_updates