Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime 9.0.15.Security Fix(es):
* dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171)
* dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203)
* dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116)
* dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.aarch64.rpm |
b770dc98c8219779da1649887a6e6417881cc688e6c6f9cac5d09a591cec8951 |
| ppc64le |
dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.ppc64le.rpm |
d66990484649f9c8748b97c75b76b7730b7e33dce89e86eb5771d1fb1a888b0a |
| s390x |
dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.s390x.rpm |
7fb17bdacbb97f005f5e0b4b76ad71dfad6062391c762746af0cf8b84bd7b66e |
| x86_64 |
dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.x86_64.rpm |
5d01d04ba3ce06c41e0817fb705e899f93f1fcf8138d1d2cb1ed61f74d08c696 |
| x86_64_v2 |
dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.x86_64_v2.rpm |
013f7c09c7278334f48d6f5d375b7eb6344df12be4ddbefd9bb6641523e22adc |
