========================================================================== Ubuntu Security Notice USN-8025-2 February 16, 2026
dotnet8, dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: .NET could be made to bypass security features. Software Description: - dotnet10: .NET CLI tools and runtime - dotnet8: .NET CLI tools and runtime Details: USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.3-0ubuntu1~24.04.1 aspnetcore-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-host-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-hostfxr-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.3-0ubuntu1~24.04.1 dotnet-runtime-8.0 8.0.24-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.103-0ubuntu1~24.04.1 dotnet-sdk-8.0 8.0.124-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.103-0ubuntu1~24.04.1 dotnet10 10.0.103-10.0.3-0ubuntu1~24.04.1 dotnet8 8.0.124-8.0.24-0ubuntu1~24.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8025-2 https://ubuntu.com/security/notices/USN-8025-1 CVE-2026-21218 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.103-10.0.3-0ubuntu1~24.04.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.124-8.0.24-0ubuntu1~24.04.1
signature.asc
Description: OpenPGP digital signature
