UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime

Latest version: 8.0.110-8.0.10-0ubuntu1~24.04.1
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links


Download "dotnet8"


Other versions of "dotnet8" in Noble

Repository Area Version
base main 8.0.104-8.0.4-0ubuntu1
base universe 8.0.104-0ubuntu1
security main 8.0.110-8.0.10-0ubuntu1~24.04.1
security universe 8.0.110-0ubuntu1~24.04.1
updates universe 8.0.110-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.110-8.0.10-0ubuntu1~24.04.1 2024-10-08 21:09:51 UTC

  dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:18 +0300

Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~24.04.2 2024-09-12 23:07:23 UTC

  dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.2) noble; urgency=medium

  * Add ppc64el as a supported architecture (LP: #2075185).
    - d/control, d/rules: Add ppc64el as a supported architecture.
    - d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier.
  * d/p/0002-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by
    disabling usage of AppHost in roslyn-analyzers PerformanceTests project.
  * d/p/0003-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the
    vstest Intent test project TFM to net8.0.
  * d/t/regular-tests/release-version-sane/VersionTest.cs: Fix test failure
    by defining a sane release version as less than or equal to current.
  * d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix
    autopkgtest failure in ppc64el.

 -- Mateus Rodrigues de Morais <email address hidden> Tue, 13 Aug 2024 18:58:38 -0300

Source diff to previous version
2075185 [SRU] Enable ppc64el for .NET 8 on Noble

Version: 8.0.108-8.0.8-0ubuntu1~24.04.1 2024-08-13 22:07:10 UTC

  dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: information disclosure
    - CVE-2024-38167: information disclosure vulnerability in TlsStream.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Fri, 09 Aug 2024 09:43:27 +0300

Source diff to previous version
CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~24.04.1 2024-07-09 23:07:13 UTC

  dotnet8 (8.0.107-8.0.7-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-30105: Denial of service vulnerability in System.Text.Json
      deserialization.
  * SECURITY UPDATE: denial of service
    - CVE-2024-35264: Denial of service in ASP.NET Core 8.
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:55:58 +0300

Source diff to previous version
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~24.04.1 2024-05-15 16:07:12 UTC

  dotnet8 (8.0.105-8.0.5-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.
  * debian/patches/0001-fix-clang18-build.patch: refreshed patch to remove
    new upstream inclusions.

 -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:30 +0300

CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046 Visual Studio Denial of Service Vulnerability



About   -   Send Feedback to @ubuntu_updates