SecurityHome.eu [USN-8025-1] .NET vulnerability

Home / mailings PDF

[USN-8025-1] .NET vulnerability
Posted on 12 February 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-8025-1
February 11, 2026

dotnet8, dotnet9, dotnet10 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 22.04 LTS

Summary:

.NET could be made to bypass security features.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

Kevin Jones discovered that the System.Security.Cryptography.Cose component
in .NET did not properly handle certain missing special elements in input
data. An attacker could possibly use this issue to bypass security checks
and gain unauthorized access or perform data manipulation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
aspnetcore-runtime-10.0 10.0.3-0ubuntu1~25.10.1
aspnetcore-runtime-8.0 8.0.24-0ubuntu1~25.10.1
aspnetcore-runtime-9.0 9.0.13-0ubuntu1~25.10.1
dotnet-host-10.0 10.0.3-0ubuntu1~25.10.1
dotnet-host-8.0 8.0.24-0ubuntu1~25.10.1
dotnet-host-9.0 9.0.13-0ubuntu1~25.10.1
dotnet-hostfxr-10.0 10.0.3-0ubuntu1~25.10.1
dotnet-hostfxr-8.0 8.0.24-0ubuntu1~25.10.1
dotnet-hostfxr-9.0 9.0.13-0ubuntu1~25.10.1
dotnet-runtime-10.0 10.0.3-0ubuntu1~25.10.1
dotnet-runtime-8.0 8.0.24-0ubuntu1~25.10.1
dotnet-runtime-9.0 9.0.13-0ubuntu1~25.10.1
dotnet-sdk-10.0 10.0.103-0ubuntu1~25.10.1
dotnet-sdk-8.0 8.0.124-0ubuntu1~25.10.1
dotnet-sdk-9.0 9.0.114-0ubuntu1~25.10.1
dotnet-sdk-aot-10.0 10.0.103-0ubuntu1~25.10.1
dotnet-sdk-aot-9.0 9.0.114-0ubuntu1~25.10.1
dotnet10 10.0.103-10.0.3-0ubuntu1~25.10.1
dotnet8 8.0.124-8.0.24-0ubuntu1~25.10.1
dotnet9 9.0.114-9.0.13-0ubuntu1~25.10.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.24-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.24-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.24-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.24-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.124-0ubuntu1~22.04.1
dotnet8 8.0.124-8.0.24-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8025-1
CVE-2026-21218

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.103-10.0.3-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.114-9.0.13-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~22.04.1

--===============5582729345503123763==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20