Home / mailingsPDF  

[USN-7822-1] .NET vulnerabilities

Posted on 16 October 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7822-1
October 16, 2025

dotnet8, dotnet9, dotnet10 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle the creation of temporary
build time directories. An attacker could possibly use this issue to cause a
denial of service. (CVE-2025-55247)

It was discovered that .NET did not properly establish TLS sessions for
SMTP server connections. An attacker could use this issue to cause .NET
to use unencrypted connections. This issue only affects .NET versions 8.0
and 9.0. (CVE-2025-55248)

It was discovered that .NET inconsistently interpreted certain http
requests. An attacker could possibly use this to bypass a security feature
over a network. (CVE-2025-55315)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
aspnetcore-runtime-10.0 10.0.0~rc2-0ubuntu1~25.10.2
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~25.10.1
aspnetcore-runtime-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-host-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-host-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-host-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-hostfxr-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-hostfxr-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-runtime-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-runtime-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-runtime-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-sdk-10.0 10.0.100~rc2-0ubuntu1~25.10.2
dotnet-sdk-8.0 8.0.121-0ubuntu1~25.10.1
dotnet-sdk-9.0 9.0.111-0ubuntu1~25.10.1
dotnet-sdk-aot-10.0 10.0.100~rc2-0ubuntu1~25.10.2
dotnet-sdk-aot-9.0 9.0.111-0ubuntu1~25.10.1
dotnet10 10.0.100-10.0.0~rc2-0ubuntu1~25.10.2
dotnet8 8.0.121-8.0.21-0ubuntu1~25.10.1
dotnet9 9.0.111-9.0.10-0ubuntu1~25.10.1

Ubuntu 25.04
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~25.04.1
aspnetcore-runtime-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-host-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-hostfxr-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-runtime-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~25.04.1
dotnet-sdk-9.0 9.0.111-0ubuntu1~25.04.1
dotnet-sdk-aot-9.0 9.0.111-0ubuntu1~25.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~25.04.1
dotnet9 9.0.111-9.0.10-0ubuntu1~25.04.1

Ubuntu 24.04 LTS
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~24.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~22.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7822-1
CVE-2025-55247, CVE-2025-55248, CVE-2025-55315

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.100-10.0.0~rc2-0ubuntu1~25.10.2
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.111-9.0.10-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.04.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.111-9.0.10-0ubuntu1~25.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~22.04.1

--===============8316388188405380856==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :