drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in .NET
| Name: |
Ausführen beliebiger Kommandos in .NET |
|
| ID: |
USN-7427-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 |
|
| Datum: |
Mi, 9. April 2025, 07:37 |
|
| Referenzen: |
https://launchpad.net/ubuntu/+source/dotnet9/9.0.105-9.0.4-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~22.04.1
https://www.cve.org/CVERecord?id=CVE-2025-26682
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.04.1 |
|
| Applikationen: |
.NET |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0821460296248446427==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------aLI4Cjiykdb6ZZyptiyBmaEq"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------aLI4Cjiykdb6ZZyptiyBmaEq
Content-Type: multipart/mixed;
boundary="------------illi8XZvn9KoSiW6rqa0EG8X";
protected-headers="v1"
From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <edb482ed-f2f8-4eb6-bd9e-92470313ae29@canonical.com>
Subject: [USN-7427-1] .NET vulnerability
--------------illi8XZvn9KoSiW6rqa0EG8X
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-7427-1
April 08, 2025
dotnet8, dotnet9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
.NET could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime
Details:
James Newton-King discovered that .NET did not properly limit resource
allocation when handling certain HTTP/3 requests. An attacker could
possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
aspnetcore-runtime-8.0 8.0.15-0ubuntu1~24.10.1
aspnetcore-runtime-9.0 9.0.4-0ubuntu1~24.10.1
dotnet-host-8.0 8.0.15-0ubuntu1~24.10.1
dotnet-host-9.0 9.0.4-0ubuntu1~24.10.1
dotnet-hostfxr-8.0 8.0.15-0ubuntu1~24.10.1
dotnet-hostfxr-9.0 9.0.4-0ubuntu1~24.10.1
dotnet-runtime-8.0 8.0.15-0ubuntu1~24.10.1
dotnet-runtime-9.0 9.0.4-0ubuntu1~24.10.1
dotnet-sdk-8.0 8.0.115-0ubuntu1~24.10.1
dotnet-sdk-9.0 9.0.105-0ubuntu1~24.10.1
dotnet-sdk-aot-9.0 9.0.105-0ubuntu1~24.10.1
dotnet8 8.0.115-8.0.15-0ubuntu1~24.10.1
dotnet9 9.0.105-9.0.4-0ubuntu1~24.10.1
Ubuntu 24.04 LTS
aspnetcore-runtime-8.0 8.0.15-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.15-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.15-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.15-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.115-0ubuntu1~24.04.1
dotnet8 8.0.115-8.0.15-0ubuntu1~24.04.1
Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.15-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.15-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.15-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.15-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.115-0ubuntu1~22.04.1
dotnet8 8.0.115-8.0.15-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7427-1
CVE-2025-26682
Package Information:
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.105-9.0.4-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~22.04.1
--------------illi8XZvn9KoSiW6rqa0EG8X--
--------------aLI4Cjiykdb6ZZyptiyBmaEq
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmf1k2sFAwAAAAAACgkQa1+PL+d1/EhS
kAwAgHuNvt+qTD79LiHdo8Lph6l82Vl9c5+j9dRZV7D0ZIC0ASY9ZiOt9n1C00x4b5wn+C+zqSqJ
RsmIZ42dIoaBnWiJRCpGvrC/GVkS4OykKPSIere95+0Aab9sfPE117a2HdmnAJUk8wqxkmYBGOyw
8IicGxoIXnhtZSqgzwUhDrL8ZHFgeLnfBnACkse6hVHXAlM1hdKjQrbU9MpvYoeRwIfDzYOt6Try
qp6kcF1bD9FtI6ZG2nbC1CF7drH6PQ70Z3pMQQhiGitOHiuXaJudsFfVAExk3R1e0FE2g1GWJl5o
vgJE2iswBrb/ttAJm0Dw60SNIdSeLQLiPcEnAdheI9LdTYkr87SNipomjjBhcrXzhXRA5rvE9dZw
8+p5I/1dcxtaw9PVL7YBijxwAyLAqoAF+JG6h/LgRFlJU1cX+TqoMj4idJOU8JBm9v1LyrES+Xj0
RmIpyvcmuEXw3cic9Uoy/dLWrN3Bcq1PS4jiDvNtdTQj+Cu74m71avvfo+r7
=2W5X
-----END PGP SIGNATURE-----
--------------aLI4Cjiykdb6ZZyptiyBmaEq--
--===============0821460296248446427==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============0821460296248446427==--
|
|
|
|
