Package "dotnet8"

Name:	dotnet8
Description:	.NET CLI tools and runtime
Latest version:	8.0.110-8.0.10-0ubuntu1~24.04.1
Release:	noble (24.04)
Level:	updates
Repository:	main
Homepage:	https://dot.net

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "dotnet8"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "dotnet8" in Noble

Repository	Area	Version
base	main	8.0.104-8.0.4-0ubuntu1
base	universe	8.0.104-0ubuntu1
security	main	8.0.110-8.0.10-0ubuntu1~24.04.1
security	universe	8.0.110-0ubuntu1~24.04.1
updates	universe	8.0.110-0ubuntu1~24.04.1
proposed	main	8.0.111-8.0.11-0ubuntu1~24.04.1
proposed	universe	8.0.111-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 8.0.110-8.0.10-0ubuntu1~24.04.1 2024-10-08 21:09:51 UTC

Version: 8.0.110-8.0.10-0ubuntu1~24.04.1	2024-10-08 21:09:51 UTC
dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to remote code execution. * SECURITY UPDATE: denial of service - CVE-2024-43483: Multiple .NET components designed to process hostile input are susceptible to hash flooding attacks. * SECURITY UPDATE: denial of service - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of SortedList. * SECURITY UPDATE: denial of service - CVE-2024-43485: Denial of Service attack against System.Text.Json ExtensionData feature. -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:18 +0300
Source diff to previous version

dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium * New upstream release * SECURITY UPDATE: remote code execution - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to remote code execution. * SECURITY UPDATE: denial of service - CVE-2024-43483: Multiple .NET components designed to process hostile input are susceptible to hash flooding attacks. * SECURITY UPDATE: denial of service - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of SortedList. * SECURITY UPDATE: denial of service - CVE-2024-43485: Denial of Service attack against System.Text.Json ExtensionData feature. -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:18 +0300

Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~24.04.2 2024-09-12 23:07:23 UTC

dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.2) noble; urgency=medium * Add ppc64el as a supported architecture (LP: #2075185). - d/control, d/rules: Add ppc64el as a supported architecture. - d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier. * d/p/0002-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by disabling usage of AppHost in roslyn-analyzers PerformanceTests project. * d/p/0003-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the vstest Intent test project TFM to net8.0. * d/t/regular-tests/release-version-sane/VersionTest.cs: Fix test failure by defining a sane release version as less than or equal to current. * d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix autopkgtest failure in ppc64el. -- Mateus Rodrigues de Morais <email address hidden> Tue, 13 Aug 2024 18:58:38 -0300

Source diff to previous version

2075185

[SRU] Enable ppc64el for .NET 8 on Noble

Version: 8.0.108-8.0.8-0ubuntu1~24.04.1 2024-08-13 22:07:10 UTC

dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.1) noble-security; urgency=medium * New upstream release * SECURITY UPDATE: information disclosure - CVE-2024-38167: information disclosure vulnerability in TlsStream. * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY connection method updated. -- Ian Constantin <email address hidden> Fri, 09 Aug 2024 09:43:27 +0300

Source diff to previous version

CVE-2024-38167

.NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~24.04.1 2024-07-09 23:07:13 UTC

dotnet8 (8.0.107-8.0.7-0ubuntu1~24.04.1) noble-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-30105: Denial of service vulnerability in System.Text.Json deserialization. * SECURITY UPDATE: denial of service - CVE-2024-35264: Denial of service in ASP.NET Core 8. * SECURITY UPDATE: denial of service - CVE-2024-38095: Denial of service in parsing X.509 Content and ObjectIdentifiers. * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY connection method updated. -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:55:58 +0300

Source diff to previous version

CVE-2024-30105	.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095	.NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~24.04.1 2024-05-15 16:07:12 UTC

dotnet8 (8.0.105-8.0.5-0ubuntu1~24.04.1) noble-security; urgency=medium * New upstream release * SECURITY UPDATE: stack buffer overflow - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse routine allows for remote code execution. * SECURITY UPDATE: resource dead-lock - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a denial of service. * debian/patches/0001-fix-clang18-build.patch: refreshed patch to remove new upstream inclusions. -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:30 +0300

CVE-2024-30045	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046	Visual Studio Denial of Service Vulnerability

About - Send Feedback to @ubuntu_updates

Package "dotnet8"

Links

Download "dotnet8"

Other versions of "dotnet8" in Noble

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

security

proposed

PPA updates