[USN-8215-1] .NET vulnerability

========================================================================== Ubuntu Security Notice USN-8215-1 April 28, 2026 dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: .NET could be made to crash or run programs as an administrator. Software Description: - dotnet10: .NET CLI tools and runtime Details: It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~25.10.1 dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~24.04.1 dotnet10 10.0.107-10.0.7-0ubuntu1~24.04.1 After a standard system update, it is recommended to rotate the DataProtection key ring. References: https://ubuntu.com/security/notices/USN-8215-1 CVE-2026-40372 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~24.04.1