Not a user yet?
Log in Register for free Suggest a product
Update

USN-8176-1: .NET vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-8176-1: .NET vulnerabilities

Publication date : 15 April 2026
Overview: Several security issues were fixed in .NET.

Packages

  • dotnet10 - .NET CLI tools and runtime
  • dotnet8 - .NET CLI tools and runtime
  • dotnet9 - .NET CLI tools and runtime

Details
Ludvig Pedersen discovered that the System.Security.Cryptography.Xml
library in .NET incorrectly handled certain XML inputs. An attacker could
possibly use this issue to consume excessive resources, resulting in a
denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the
System.Security.Cryptography.Xml library in .NET incorrectly handled
certain XML inputs. An attacker could possibly use this issue to cause
.NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET
incorrectly handled certain inputs. An attacker could possibly use this
issue to perform a network spoofing attack. (CVE-2026-32178)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • aspnetcore-runtime-10.0 – 10.0.6-0ubuntu1~25.10.1
  • aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~25.10.1
  • aspnetcore-runtime-9.0 – 9.0.15-0ubuntu1~25.10.1
  • dotnet-host-10.0 – 10.0.6-0ubuntu1~25.10.1
  • dotnet-host-8.0 – 8.0.26-0ubuntu1~25.10.1
  • dotnet-host-9.0 – 9.0.15-0ubuntu1~25.10.1
  • dotnet-hostfxr-10.0 – 10.0.6-0ubuntu1~25.10.1
  • dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~25.10.1
  • dotnet-hostfxr-9.0 – 9.0.15-0ubuntu1~25.10.1
  • dotnet-runtime-10.0 – 10.0.6-0ubuntu1~25.10.1
  • dotnet-runtime-8.0 – 8.0.26-0ubuntu1~25.10.1
  • dotnet-runtime-9.0 – 9.0.15-0ubuntu1~25.10.1
  • dotnet-sdk-10.0 – 10.0.106-0ubuntu1~25.10.1
  • dotnet-sdk-8.0 – 8.0.126-0ubuntu1~25.10.1
  • dotnet-sdk-9.0 – 9.0.116-0ubuntu1~25.10.1
  • dotnet-sdk-aot-10.0 – 10.0.106-0ubuntu1~25.10.1
  • dotnet-sdk-aot-9.0 – 9.0.116-0ubuntu1~25.10.1
  • dotnet10 – 10.0.106-10.0.6-0ubuntu1~25.10.1
  • dotnet8 – 8.0.126-8.0.26-0ubuntu1~25.10.1
  • dotnet9 – 9.0.116-9.0.15-0ubuntu1~25.10.1

24.04 LTS noble

  • aspnetcore-runtime-10.0 – 10.0.6-0ubuntu1~24.04.1
  • aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~24.04.1
  • dotnet-host-10.0 – 10.0.6-0ubuntu1~24.04.1
  • dotnet-host-8.0 – 8.0.26-0ubuntu1~24.04.1
  • dotnet-hostfxr-10.0 – 10.0.6-0ubuntu1~24.04.1
  • dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~24.04.1
  • dotnet-runtime-10.0 – 10.0.6-0ubuntu1~24.04.1
  • dotnet-runtime-8.0 – 8.0.26-0ubuntu1~24.04.1
  • dotnet-sdk-10.0 – 10.0.106-0ubuntu1~24.04.1
  • dotnet-sdk-8.0 – 8.0.126-0ubuntu1~24.04.1
  • dotnet-sdk-aot-10.0 – 10.0.106-0ubuntu1~24.04.1
  • dotnet10 – 10.0.106-10.0.6-0ubuntu1~24.04.1
  • dotnet8 – 8.0.126-8.0.26-0ubuntu1~24.04.1

22.04 LTS jammy

  • aspnetcore-runtime-8.0 – 8.0.26-0ubuntu1~22.04.1
  • dotnet-host-8.0 – 8.0.26-0ubuntu1~22.04.1
  • dotnet-hostfxr-8.0 – 8.0.26-0ubuntu1~22.04.1
  • dotnet-runtime-8.0 – 8.0.26-0ubuntu1~22.04.1
  • dotnet-sdk-8.0 – 8.0.126-0ubuntu1~22.04.1
  • dotnet8 – 8.0.126-8.0.26-0ubuntu1~22.04.1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad