Home / mailingsPDF  

[USN-8025-2] .NET vulnerability

Posted on 16 February 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8025-2
February 16, 2026

dotnet8, dotnet10 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

.NET could be made to bypass security features.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime

Details:

USN 8025-1 fixed a vulnerability in .NET. This update provides the
corresponding fix for Ubuntu 24.04 LTS.

Original advisory details:

Kevin Jones discovered that the System.Security.Cryptography.Cose
component in .NET did not properly handle certain missing special
elements in input data. An attacker could possibly use this issue to
bypass security checks and gain unauthorized access or perform data
manipulation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
aspnetcore-runtime-10.0 10.0.3-0ubuntu1~24.04.1
aspnetcore-runtime-8.0 8.0.24-0ubuntu1~24.04.1
dotnet-host-10.0 10.0.3-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.24-0ubuntu1~24.04.1
dotnet-hostfxr-10.0 10.0.3-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.24-0ubuntu1~24.04.1
dotnet-runtime-10.0 10.0.3-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.24-0ubuntu1~24.04.1
dotnet-sdk-10.0 10.0.103-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.124-0ubuntu1~24.04.1
dotnet-sdk-aot-10.0 10.0.103-0ubuntu1~24.04.1
dotnet10 10.0.103-10.0.3-0ubuntu1~24.04.1
dotnet8 8.0.124-8.0.24-0ubuntu1~24.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8025-2
https://ubuntu.com/security/notices/USN-8025-1
CVE-2026-21218

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.103-10.0.3-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~24.04.1

--===============5446134887686430230==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :