USN-7345-1: .NET vulnerability

Releases

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS

Packages

• dotnet8 - .NET CLI tools and runtime
• dotnet9 - .NET CLI tools and runtime

Details

Zahid TOKAT discovered that .NET suffered from a weak authentication
vulnerability. An attacker could possibly use this issue to elevate
privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• aspnetcore-runtime-8.0 - 8.0.14-0ubuntu1~24.10.1
• aspnetcore-runtime-9.0 - 9.0.3-0ubuntu1~24.10.1
• dotnet-host-8.0 - 8.0.14-0ubuntu1~24.10.1
• dotnet-host-9.0 - 9.0.3-0ubuntu1~24.10.1
• dotnet-hostfxr-8.0 - 8.0.14-0ubuntu1~24.10.1
• dotnet-hostfxr-9.0 - 9.0.3-0ubuntu1~24.10.1
• dotnet-runtime-8.0 - 8.0.14-0ubuntu1~24.10.1
• dotnet-runtime-9.0 - 9.0.3-0ubuntu1~24.10.1
• dotnet-sdk-8.0 - 8.0.114-0ubuntu1~24.10.1
• dotnet-sdk-9.0 - 9.0.104-0ubuntu1~24.10.1
• dotnet8 - 8.0.114-8.0.14-0ubuntu1~24.10.1
• dotnet9 - 9.0.104-9.0.3-0ubuntu1~24.10.1

Ubuntu 24.04

• aspnetcore-runtime-8.0 - 8.0.14-0ubuntu1~24.04.1
• dotnet-host-8.0 - 8.0.14-0ubuntu1~24.04.1
• dotnet-hostfxr-8.0 - 8.0.14-0ubuntu1~24.04.1
• dotnet-runtime-8.0 - 8.0.14-0ubuntu1~24.04.1
• dotnet-sdk-8.0 - 8.0.114-0ubuntu1~24.04.1
• dotnet8 - 8.0.114-8.0.14-0ubuntu1~24.04.1

Ubuntu 22.04

• aspnetcore-runtime-8.0 - 8.0.14-0ubuntu1~22.04.1
• dotnet-host-8.0 - 8.0.14-0ubuntu1~22.04.1
• dotnet-hostfxr-8.0 - 8.0.14-0ubuntu1~22.04.1
• dotnet-runtime-8.0 - 8.0.14-0ubuntu1~22.04.1
• dotnet-sdk-8.0 - 8.0.114-0ubuntu1~22.04.1
• dotnet8 - 8.0.114-8.0.14-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References

• CVE-2025-24070