UbuntuUpdates.org

Package "dotnet10"

Name: dotnet10

Description:

.NET CLI tools and runtime
Latest version: 10.0.104-10.0.4-0ubuntu1~24.04.1
Release: noble (24.04)
Level: updates
Repository: universe
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet10"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet10" in Noble

Repository Area Version
security universe 10.0.104-10.0.4-0ubuntu1~24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.0.104-10.0.4-0ubuntu1~24.04.1 2026-03-11 07:08:03 UTC

  dotnet10 (10.0.104-10.0.4-0ubuntu1~24.04.1) noble-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2026-26130: Possible denial-of-service via SignalR stateful
      reconnect buffer overfill.
  * SECURITY UPDATE: denial of service
    - CVE-2026-26127: System.Buffers.Text.Base64Url.DecodeFromChars
      out-of-bounds read from malformed Base64Url input. A bug in the
      implementation causes out-of-bound reads of the DecodingMap, potentially
      leading to Access Violation Exceptions (AVEs) when unsafe code is used.

 -- Ian Constantin <email address hidden> Sun, 08 Mar 2026 21:33:40 +0200
Source diff to previous version
CVE-2026-26130 Allocation of resources without limits or throttling in ASP.NET Core a ...
CVE-2026-26127 Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Version: 10.0.103-10.0.3-0ubuntu1~24.04.1 2026-02-16 11:07:41 UTC

  dotnet10 (10.0.103-10.0.3-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2026-21218: An attacker could exploit this vulnerability in
      System.Security.Cryptography.Cose by crafting a malicious payload that
      bypasses the security checks in the affected .NET versions, potentially
      leading to unauthorized access or data manipulation.

 -- Mateus Rodrigues de Morais <email address hidden> Mon, 02 Feb 2026 17:30:30 -0300
Source diff to previous version
CVE-2026-21218 Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Version: 10.0.101-10.0.1-0ubuntu1~24.04.2 2026-01-29 16:35:35 UTC

  dotnet10 (10.0.101-10.0.1-0ubuntu1~24.04.2) noble; urgency=medium

  * Resolve package build failures (LP: #2134505):
    - d/p/0007-fix-identitymodel-version.patch: fix FTBFS caused by date-based
      version string calculation in the Microsoft.IdentityModel.Abstractions
      package.
    - d/t/regular-tests/cgroup-limit/test.sh: fix autopkgtest regression in
      Ubuntu releases with rust-coreutils by comparing the cgroup filesystem ID
      instead of friendly name.

 -- Mateus Rodrigues de Morais <email address hidden> Fri, 16 Jan 2026 11:17:22 -0300
Source diff to previous version
2134505 [SRU] New upstream microrelease .NET 10.0.101/10.0.1

Version: 10.0.100-10.0.0-0ubuntu1~24.04.1 2025-12-16 19:01:12 UTC

  dotnet10 (10.0.100-10.0.0-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2130891)
  * d/{sdk-check-config.json,rules}: `dotnet sdk check` tool points to
    Canonical's release database.
  * d/rules: add `--branding rtm` to DOTNET_BUILD_ARGS.
  * d/p/0007-fix-tempdir-on-exit-trap.patch: fix unbound variable error.
  * d/dotnet-host-10.0.links: fixed dnx link name to /usr/bin/dnx (DNX_BIN).
  * d/t/regular-tests: synced with upstream to fix failing tests and add new
    ones for .NET 10.

 -- Mateus Rodrigues de Morais <email address hidden> Fri, 07 Nov 2025 16:11:30 +0100
2130891 [SRU] New upstream microrelease .NET 10.0.100/10.0.0


About   -   Send Feedback to @ubuntu_updates