UbuntuUpdates.org

Package "dotnet10"

Name: dotnet10

Description:

.NET CLI tools and runtime
Latest version: 10.0.107-10.0.7-0ubuntu1~24.04.1
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet10"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet10" in Noble

Repository Area Version
security universe 10.0.107-0ubuntu1~24.04.1
security main 10.0.107-10.0.7-0ubuntu1~24.04.1
updates universe 10.0.107-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.0.107-10.0.7-0ubuntu1~24.04.1 2026-04-23 22:08:09 UTC

  dotnet10 (10.0.107-10.0.7-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: elevation of privilege
    - CVE-2026-40372: A bug in Microsoft.AspNetCore.DataProtection
      10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to
      execute an Elevation of Privilege attack by forging authentication
      cookies, and also allows some protected payloads to be decrypted.

 -- Mateus Rodrigues de Morais <email address hidden> Wed, 22 Apr 2026 09:43:45 -0300
Source diff to previous version
CVE-2026-40372 Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Version: 10.0.106-10.0.6-0ubuntu1~24.04.1 2026-04-15 23:08:19 UTC

  dotnet10 (10.0.106-10.0.6-0ubuntu1~24.04.1) noble-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2026-33116: Possible denial of service via infinite recursion in
      XmlDecryptionTransform.
  * SECURITY UPDATE: denial of service
    - CVE-2026-32203: Possible denial of service via stack overflow in
      EncryptedKey nested decryption.
  * SECURITY UPDATE: remote code execution
    - CVE-2026-32178: SMTP command injection and header injection via
      MailAddress parsing flaw in System.Net.Mail.
  * SECURITY UPDATE: security feature bypass
    - CVE-2026-26171: denial of service and security feature bypass via unsafe
      transforms in EncryptedXml.

 -- Ian Constantin <email address hidden> Tue, 14 Apr 2026 19:43:50 +0000
Source diff to previous version
CVE-2026-33116 Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a
CVE-2026-32203 Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-32178 Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26171 Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

Version: 10.0.105-10.0.5-0ubuntu1~24.04.1 2026-04-03 03:11:11 UTC

  dotnet10 (10.0.105-10.0.5-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release. (LP: #2144328)

 -- Mateus Rodrigues de Morais <email address hidden> Thu, 12 Mar 2026 17:11:45 -0300
2144328 [SRU] New upstream microrelease .NET 10.0.105/10.0.5


About   -   Send Feedback to @ubuntu_updates