ALSA-2026:8472

[ALSA-2026:8472] Important: .NET 9.0 security update

Type:

security

Severity:

important

Release date:

2026-04-17

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime 9.0.15.Security Fix(es):  

  * dotnet: .NET: Security Bypass and Denial of Service Vulnerability (CVE-2026-26171)
  * dotnet: .NET: Denial of Service via stack overflow (CVE-2026-32203)
  * dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform (CVE-2026-33116)
  * dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw (CVE-2026-32178)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dotnet-apphost-pack-9.0-9.0.15-1.el10_1.aarch64.rpm	1246ac75b244ae3655eb33e32e7dbd686784edaffe775e0f7ed6ac06d2183f67
aarch64	dotnet-sdk-dbg-9.0-9.0.116-1.el10_1.aarch64.rpm	16bcbfd47911199e2f131792134e9ab45843d26d9e7014c0382937e9ebc55082
aarch64	dotnet-templates-9.0-9.0.116-1.el10_1.aarch64.rpm	2b20b9123fbd94c5e75d0ef8731bf2c03a21725755fb2c396d3c0f53c3e591d4
aarch64	dotnet-runtime-dbg-9.0-9.0.15-1.el10_1.aarch64.rpm	4d2096849d0eb731d31c9d154c3e491c2a0f0403dc9e89b3ec2f8a8044de8e5f
aarch64	aspnetcore-runtime-dbg-9.0-9.0.15-1.el10_1.aarch64.rpm	65ee5c8d8f0257cd350a1e05f97084b5561385a53d3a6bd789e948c141e16768
aarch64	dotnet-targeting-pack-9.0-9.0.15-1.el10_1.aarch64.rpm	6b3a4d90ba904230da7cb74c1b8f899f36fb69912fecdf269baa2edd4e50c481
aarch64	aspnetcore-targeting-pack-9.0-9.0.15-1.el10_1.aarch64.rpm	b00e2c34eb106375dd2bdf84bbd901ec4799bf7aba1f2fe2fdc67060f5628fbe
aarch64	dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.aarch64.rpm	b770dc98c8219779da1649887a6e6417881cc688e6c6f9cac5d09a591cec8951
aarch64	dotnet-runtime-9.0-9.0.15-1.el10_1.aarch64.rpm	db3b1699b3603720e755960a88684618cf15785403e6059d6a2de7d607cd0c70
aarch64	aspnetcore-runtime-9.0-9.0.15-1.el10_1.aarch64.rpm	dc4d42738177d9e3dc68fd089aa07737839c8bce4b884048510911171bdcbd71
aarch64	netstandard-targeting-pack-2.1-9.0.116-1.el10_1.aarch64.rpm	e62c1e032e8580f4bdb2680faca4e6c61c6ee6b1ea127697ad43971e3b51e13f
aarch64	dotnet-sdk-aot-9.0-9.0.116-1.el10_1.aarch64.rpm	e6c65c4676e78a69a04e5a3a23c30fd55667f58f40704b730ac4fc8361331b53
aarch64	dotnet-sdk-9.0-9.0.116-1.el10_1.aarch64.rpm	ebc19f0f6e9643105c33c6dceef1e72dd598b664ff5c55a288caad2ea137c9d6
aarch64	dotnet-hostfxr-9.0-9.0.15-1.el10_1.aarch64.rpm	f91d7b85677eba2e43548824578fcdb75a1e33fd2e994459819b4f13bddaf0c2
ppc64le	aspnetcore-runtime-9.0-9.0.15-1.el10_1.ppc64le.rpm	07f9860a345aef3808766c9a48173f6596bdfbbbf8c911149b3ab4b08e44e0b3
ppc64le	dotnet-runtime-9.0-9.0.15-1.el10_1.ppc64le.rpm	107a1df7cdc0b64fe8c5777b639a87006ea14ff37b280afab60d0d71c0a134f5
ppc64le	netstandard-targeting-pack-2.1-9.0.116-1.el10_1.ppc64le.rpm	13448bc0c601c8300fec557a58e00636dee87c9457b4a395452acfd0145b2343
ppc64le	dotnet-runtime-dbg-9.0-9.0.15-1.el10_1.ppc64le.rpm	47d0ad133b3e465e9f09c4d19f35c2522f9f2110a0c78f5979e106193e9cd3ca
ppc64le	dotnet-sdk-dbg-9.0-9.0.116-1.el10_1.ppc64le.rpm	68ece212f98c5276dffe1d2cb21283aa1dcb9008fb37002d1838d15033597b2f
ppc64le	dotnet-hostfxr-9.0-9.0.15-1.el10_1.ppc64le.rpm	709ccb5b1df78738e8e6642e5f3e506634c769c4675a25a97558904153ebdef0
ppc64le	dotnet-apphost-pack-9.0-9.0.15-1.el10_1.ppc64le.rpm	8e1bbb040f70ddbc883ebae4b366c1cf3158fa7891cdc0a89e81903ebe92c2d6
ppc64le	aspnetcore-runtime-dbg-9.0-9.0.15-1.el10_1.ppc64le.rpm	c03dd4d387e9a5e2bf99411f7248524342192ca58ec5b46bb668feb5840bcc82
ppc64le	dotnet-templates-9.0-9.0.116-1.el10_1.ppc64le.rpm	c9cffeb533ce795cbcc120dab28d24e3b22fde6a3ada3acd2536e85698b2b2bd
ppc64le	dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.ppc64le.rpm	d66990484649f9c8748b97c75b76b7730b7e33dce89e86eb5771d1fb1a888b0a
ppc64le	aspnetcore-targeting-pack-9.0-9.0.15-1.el10_1.ppc64le.rpm	d9133f15bb25d1c565a068ec5155057a78a3b8240c90ef367d5101de6e9ee376
ppc64le	dotnet-sdk-9.0-9.0.116-1.el10_1.ppc64le.rpm	e215d3918caf7aab6cdfee73f1ff78a5a30fa8e289505e7b418fb989ed02067e
ppc64le	dotnet-targeting-pack-9.0-9.0.15-1.el10_1.ppc64le.rpm	e26d1890c767c429a2b5bc13bbb7422933cc903006ae0f98ee0100f85845e3f6
s390x	aspnetcore-runtime-9.0-9.0.15-1.el10_1.s390x.rpm	274d044e73aeba9118827fbfe0e15d462e0134edd315863c6de835f9cf2c7588
s390x	dotnet-templates-9.0-9.0.116-1.el10_1.s390x.rpm	341b71160dd49c300659b3c6b67e85a11a7291b7dd54e8424d94f832adf59230
s390x	aspnetcore-runtime-dbg-9.0-9.0.15-1.el10_1.s390x.rpm	442f478317f57abe687c601986654592a89ea88dd4e1e91fdb7add7fa019a38a
s390x	dotnet-runtime-dbg-9.0-9.0.15-1.el10_1.s390x.rpm	455378ac850b469752eb60813ef67617b1512d2e89f4341956408142bf281bd7
s390x	dotnet-sdk-dbg-9.0-9.0.116-1.el10_1.s390x.rpm	47599840f12fc1996a36f08864807bc1972cf2c2209b3efc7d4a4633854ade9a
s390x	dotnet-hostfxr-9.0-9.0.15-1.el10_1.s390x.rpm	5a437e5be230182fcc6b3978d5bdb30046850146def8da92ec2d2d1993d4d5d2
s390x	dotnet-runtime-9.0-9.0.15-1.el10_1.s390x.rpm	7f0d68f932016a661cb4850efb184a59dade54a2e88af88645f5f70969ebead4
s390x	dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.s390x.rpm	7fb17bdacbb97f005f5e0b4b76ad71dfad6062391c762746af0cf8b84bd7b66e
s390x	dotnet-targeting-pack-9.0-9.0.15-1.el10_1.s390x.rpm	a28f3e894d893ffbde3f17c4c59b83e050c5443e655adf5c22a288e9df07f3ac
s390x	netstandard-targeting-pack-2.1-9.0.116-1.el10_1.s390x.rpm	a54b9ae6b87e7b17cf88db55e492ae39c6b95d91759a4071fc3a81e6597d5efa
s390x	dotnet-apphost-pack-9.0-9.0.15-1.el10_1.s390x.rpm	e08af93069eb654d35ea38aa8052ded9de406ecf8b3a7c83bd0b016b883bb6a7
s390x	aspnetcore-targeting-pack-9.0-9.0.15-1.el10_1.s390x.rpm	e47e7fc7a9cbdfdebd076a19b79a91b75140571e8469fdd65a083253cbfa3161
s390x	dotnet-sdk-9.0-9.0.116-1.el10_1.s390x.rpm	fb4be14e72ef821ebd4cc3f71435cf5d25508f0f5309fed07289c2d04eb60839
x86_64	netstandard-targeting-pack-2.1-9.0.116-1.el10_1.x86_64.rpm	04eb495624230ad383e5e1d373a6d55a4195c35bbf33e26d7893e62df004380f
x86_64	dotnet-apphost-pack-9.0-9.0.15-1.el10_1.x86_64.rpm	1621cc0278bac543d454a04ab9eee4061b257dbaff36e5d4a8757ebf91fbb498
x86_64	dotnet-runtime-dbg-9.0-9.0.15-1.el10_1.x86_64.rpm	2f773863353fd25e4476190fcb75cda9bd3c2bdaea5755ce4f1749f59814b6ef
x86_64	dotnet-runtime-9.0-9.0.15-1.el10_1.x86_64.rpm	32555e40d5771cdf8467a8c48053af1454a9b9129339facf8e6ccb2a5584b5a4
x86_64	dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.x86_64.rpm	5d01d04ba3ce06c41e0817fb705e899f93f1fcf8138d1d2cb1ed61f74d08c696
x86_64	aspnetcore-runtime-dbg-9.0-9.0.15-1.el10_1.x86_64.rpm	7a072d4d12de71bbab1d9a67c7e381c5a43f1e83c18f2dc9194d1826e5caf42d
x86_64	aspnetcore-runtime-9.0-9.0.15-1.el10_1.x86_64.rpm	980898ac56c69788256ecfb34f24df46be768ab9ad679b81fceec01703f0b970
x86_64	dotnet-sdk-aot-9.0-9.0.116-1.el10_1.x86_64.rpm	9aada30af06903b6ce007b1631e0364800f85c17b1681eee7311e58564e58555
x86_64	aspnetcore-targeting-pack-9.0-9.0.15-1.el10_1.x86_64.rpm	ab957032999647e466ae32adbcb118575e644c2bb051622cd659ddad548809de
x86_64	dotnet-sdk-9.0-9.0.116-1.el10_1.x86_64.rpm	c5e9bd3ee44bcec555aa95ff7fe798dbb06ac24c5a5b3dc99aeb91ac271039a8
x86_64	dotnet-hostfxr-9.0-9.0.15-1.el10_1.x86_64.rpm	ccb4ed148e7c79213e5a57047786df12705520e47c0e1c9d100dd3a75ca6ffc4
x86_64	dotnet-sdk-dbg-9.0-9.0.116-1.el10_1.x86_64.rpm	e40c031955aedf529cc659d0cee73eaf99e341e3dfc7e317d6a989d9f3b07f98
x86_64	dotnet-templates-9.0-9.0.116-1.el10_1.x86_64.rpm	e4a5af754a42286012432f6da33ffc4a1a25a2f5ff91650df8db63e5b3255240
x86_64	dotnet-targeting-pack-9.0-9.0.15-1.el10_1.x86_64.rpm	e96138ea59e1221a5cbf1063fc502a18de9789b7f7ef5ce725bf8ca99c7728d3
x86_64_v2	dotnet-sdk-9.0-source-built-artifacts-9.0.116-1.el10_1.x86_64_v2.rpm	013f7c09c7278334f48d6f5d375b7eb6344df12be4ddbefd9bb6641523e22adc
x86_64_v2	dotnet-templates-9.0-9.0.116-1.el10_1.x86_64_v2.rpm	18df4763f85ccd8accdb31e8cf7e8101a18c2519cc9518bf07e2e7f908694647
x86_64_v2	dotnet-runtime-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	20e0c1fb5edb6130bb1a2d77da8023bec7036264c91c1d38c06d8c5e46fa308c
x86_64_v2	aspnetcore-runtime-dbg-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	2a748235217a3ee29de102f928e6358830a3806ed5d137aef1c601266a9abe8b
x86_64_v2	dotnet-sdk-9.0-9.0.116-1.el10_1.x86_64_v2.rpm	4837aa0147c946714651d06b90de30ca1ed8f5e7f627485e32f0f22ecc4e2dc0
x86_64_v2	aspnetcore-runtime-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	7f40060ae1b0a380c06a2e37a5b5f25979b929f034200250204f5af2d98839e8
x86_64_v2	dotnet-runtime-dbg-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	95039f2e83600a0a6409628a2554d4c501f4f49efb451b09aef686563ec4b209
x86_64_v2	dotnet-apphost-pack-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	a5ad87c6e8daed54b8de843e82ba3f58d7d32301e6ef85122ceec0fd58d7a9a8
x86_64_v2	dotnet-sdk-aot-9.0-9.0.116-1.el10_1.x86_64_v2.rpm	b7f8e6250ce0d19830b9c92e3cccaf41152b1e2c9ec7b123fd84734b33594b16
x86_64_v2	dotnet-hostfxr-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	c02e9a4762cabbf0c5900e83052286a78b091bb1c9aafad75f10bb78c7447094
x86_64_v2	netstandard-targeting-pack-2.1-9.0.116-1.el10_1.x86_64_v2.rpm	c5ac031ab5dc9ce549a86f49d068a65ee88f1b6c84269efe2d6648564a2bc7db
x86_64_v2	dotnet-sdk-dbg-9.0-9.0.116-1.el10_1.x86_64_v2.rpm	d1ad6d80297aad39ee7238cad805225610021152b244ca9c58303cad77eaaae0
x86_64_v2	aspnetcore-targeting-pack-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	e63943d7df6d3b6e5bc2950aae811007913028305c014e7b66b34e871beacbc3
x86_64_v2	dotnet-targeting-pack-9.0-9.0.15-1.el10_1.x86_64_v2.rpm	f8d737b1681b2f73cfc30fed95a6cd6552836ab7f84735b10c8f5b85bf52c442

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.