UbuntuUpdates.org

Package "dotnet9"

Name: dotnet9

Description:

.NET CLI tools and runtime
Latest version: 9.0.100-9.0.0-0ubuntu1~24.10.1
Release: oracular (24.10)
Level: security
Repository: universe
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet9"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet9" in Oracular

Repository Area Version
updates universe 9.0.100-9.0.0-0ubuntu1~24.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 9.0.100-9.0.0-0ubuntu1~24.10.1 2024-11-12 21:06:51 UTC

  dotnet9 (9.0.100-9.0.0-0ubuntu1~24.10.1) oracular; urgency=medium

  * New upstream release (LP: #2087880)
  * SECURITY UPDATE: privilege escalation
    - CVE-2024-43498: an authenticated attacker could create a malicious
      extension and then wait for an authenticated user to create a new Visual
      Studio project that uses that extension. The result is that the attacker
      could gain the privileges of the user.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43499: a remote unauthenticated attacker could exploit this
      vulnerability by sending specially crafted requests to a .NET vulnerable
      webapp or loading a specially crafted file into a vulnerable desktop app.
  * debian/rules, debian/eng/source_build_artifact_path.py: temporarily disable
    strict RID matching to solve build issue on plucky due to binary copying
    during archive opening.
  * debian/eng/dotnet-version.py: temporarily add '-rtm' to
    DOTNET_DEB_VERSION_RUNTIME_ONLY and DOTNET_DEB_VERSION_SDK_ONLY to fix
    version ordering issue with final release.

 -- Dominik Viererbe <email address hidden> Fri, 08 Nov 2024 18:16:21 +0200
2087880 New upstream microrelease .NET 9.0 final release
CVE-2024-43498 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43499 .NET and Visual Studio Denial of Service Vulnerability


About   -   Send Feedback to @ubuntu_updates