Package "dotnet9"
Name: dotnet9
Description: .NET CLI tools and runtime
Latest version: 9.0.102-9.0.1-0ubuntu1~24.10.1
Release: oracular (24.10)
Level: updates
Repository: universe
Homepage: https://dot.net
Changelog
dotnet9 (9.0.102-9.0.1-0ubuntu1~24.10.1) oracular; urgency=medium
* New upstream release (LP: #2094271).
* SECURITY UPDATE: remote code execution
- CVE-2025-21171: Buffer overrun in Convert.TryToHexString. An attacker
could exploit this vulnerability by sending a specially crafted request
to the vulnerable web server.
* SECURITY UPDATE: remote code execution
- CVE-2025-21172: An integer overflow in msdia140.dll leads to heap-based
buffer overflow, leading to possible RCE. An attacker could exploit this
vulnerability by loading a specially crafted file in Visual Studio.
* SECURITY UPDATE: remote code execution
- CVE-2025-21176: Insufficient input data validation leads to heap-based
buffer overflow in msdia140.dll. An attacker could exploit this
vulnerability by loading a specially crafted file in Visual Studio.
* SECURITY UPDATE: elevation of privilege
- CVE-2025-21173: Insecure Temp File Usage Allows Malicious Package
Dependency Injection on Linux. An attacker could exploit this
vulnerability to write a specially crafted file in the security
context of the local system. This only affects .NET on Linux operating
systems.
* d/patches: Renamed patch files to uniquely identify patches among all
dotnet* source packages.
* d/rules: Added override_dh_auto_clean to remove .NET and Python
binary artifacts.
* d/copyright, d/source/lintian-overrides.dotnet9: Fixed
superfluous-file-pattern warning for debian/eng/strenum,
debian/eng/test-runner and debian/tests/regular-tests.
* d/tests/build-time-tests/tests.py: Fixed crash when running for net8.0.
* d/eng/dotnet-version.py, d/eng/versionlib/dotnet.py:
Refactored deb version handling of irregular past releases.
-- Dominik Viererbe <email address hidden> Wed, 15 Jan 2025 20:11:26 +0200
2094271: [SRU] New upstream microrelease .NET 9.0.102/9.0.1
CVE-2025-21171: .NET Remote Code Execution Vulnerability
CVE-2025-21172: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21176: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21173: .NET Elevation of Privilege Vulnerability

dotnet9 (9.0.100-9.0.0-0ubuntu1~24.10.1) oracular; urgency=medium
* New upstream release (LP: #2087880)
* SECURITY UPDATE: privilege escalation
- CVE-2024-43498: an authenticated attacker could create a malicious
extension and then wait for an authenticated user to create a new Visual
Studio project that uses that extension. The result is that the attacker
could gain the privileges of the user.
* SECURITY UPDATE: denial of service
- CVE-2024-43499: a remote unauthenticated attacker could exploit this
vulnerability by sending specially crafted requests to a .NET vulnerable
webapp or loading a specially crafted file into a vulnerable desktop app.
* debian/rules, debian/eng/source_build_artifact_path.py: temporarily disable
strict RID matching to solve build issue on plucky due to binary copying
during archive opening.
* debian/eng/dotnet-version.py: temporarily add '-rtm' to
DOTNET_DEB_VERSION_RUNTIME_ONLY and DOTNET_DEB_VERSION_SDK_ONLY to fix
version ordering issue with final release.
-- Dominik Viererbe <email address hidden> Fri, 08 Nov 2024 18:16:21 +0200
2087880: New upstream microrelease .NET 9.0 final release
CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-43499: .NET and Visual Studio Denial of Service Vulnerability