UbuntuUpdates.org

Package "dotnet10"

Name: dotnet10

Description:

.NET CLI tools and runtime
Latest version: 10.0.103-10.0.3-0ubuntu1~25.10.1
Release: questing (25.10)
Level: security
Repository: universe
Homepage: https://dot.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dotnet10"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dotnet10" in Questing

Repository Area Version
updates universe 10.0.103-10.0.3-0ubuntu1~25.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.0.103-10.0.3-0ubuntu1~25.10.1 2026-02-11 05:07:49 UTC

  dotnet10 (10.0.103-10.0.3-0ubuntu1~25.10.1) questing; urgency=medium

  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2026-21218: An attacker could exploit this vulnerability in
      System.Security.Cryptography.Cose by crafting a malicious payload that
      bypasses the security checks in the affected .NET versions, potentially
      leading to unauthorized access or data manipulation.

 -- Mateus Rodrigues de Morais <email address hidden> Mon, 02 Feb 2026 17:30:30 -0300
Source diff to previous version
CVE-2026-21218 Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Version: 10.0.100-10.0.0~rc2-0ubuntu1~25.10.2 2025-10-15 14:07:10 UTC

  dotnet10 (10.0.100-10.0.0~rc2-0ubuntu1~25.10.2) questing-security; urgency=medium

  [ Dominik Viererbe ]
  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2025-55247: A vulnerability exists in .NET Core where predictable
      paths for MSBuild's temporary directories on Linux let another user
      create the directories ahead of MSBuild, leading to DoS of builds.
  * SECURITY UPDATE: validation bypass
    - CVE-2025-55315: Inconsistent interpretation of http requests
      ('http request/response smuggling') in ASP.NET Core allows an authorized
      attacker to bypass a security feature over a network.

 -- Ian Constantin <email address hidden> Tue, 14 Oct 2025 22:24:22 +0300
CVE-2025-55247 Improper link resolution before file access ('link following') in .NET ...
CVE-2025-55315 Inconsistent interpretation of http requests ('http request/response s ...


About   -   Send Feedback to @ubuntu_updates