Red Hat Product Errata RHSA-2026:22145 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22145 - Security Advisory Overview Updated Packages Synopsis Important: .NET 10.0 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for .NET 10.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es): dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2476605 - CVE-2026-42899 dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVEs CVE-2026-42899 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM dotnet10.0-10.0.108-1.el10_2.src.rpm SHA-256: c6448a5953f239b5f05477de7903197e6361767c75a3dfdaa06983f2e806ea8b x86_64 aspnetcore-runtime-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 7bca2d84a06ba7a27397e7c2e17eda960d219cb3f61c6f47aa2ba7068701b8c7 aspnetcore-runtime-dbg-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 34534b32522bb76829a16a208031ce9bd306f4131b672b72f6b2a4fb5f0f0daf aspnetcore-targeting-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 89e102126e66d16199f67f41fde5ca678c9f41d21cdfa1d284bfeca8dcd5026a dotnet-apphost-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: a72ae8d413acbb80ec44694b1449320638e55650d249e283dd6bcc39dd2df175 dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: f6de7fd13a156552cc53de280758b7432838274f17c0b336b1020ebee3910ada dotnet-host-10.0.8-1.el10_2.x86_64.rpm SHA-256: b2e6448b89809b669c0e1bdc1b9eae70bff5c371c58600e04b55bd8f8d0efc96 dotnet-host-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: 01dc4090dc38c3677db4d23d94b1818334c82f14d4fe6e4606e3c63e93d91c1d dotnet-hostfxr-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: ff4cbe1e7335c724083f661a0552f84cfa512cdb1c464f4aa9b7596555e41aa7 dotnet-hostfxr-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: eaaf4844b3d3cf6a2d64855008649eebd1434269f69d3cc95e5e0a134e690ae6 dotnet-runtime-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: d7550677822b8f63206025f236767af8ed3ad1525a8994f05a30be74ad89a27e dotnet-runtime-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: fe257402ef5134584f45a640f632371385c9dfebcee40bc314efdeed33c58d08 dotnet-runtime-dbg-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 229bad8aef27ba9735d500fd8fdb3e590068d88550f120f4783e15a8e66f2b5d dotnet-sdk-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: c7f6dcebb3503c2c13979ec6927794866d6a0617c034daa4c27aaa46c0553f92 dotnet-sdk-10.0-debuginfo-10.0.108-1.el10_2.x86_64.rpm SHA-256: 6d386baee3eacb36d7ea7311c835b0167aced796ca5e7f11657a61f81ad15719 dotnet-sdk-aot-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 68a10d3831abfb89745a6bf3e6a11cb34f2db50ecf063216dae1c382930cf8b7 dotnet-sdk-aot-10.0-debuginfo-10.0.108-1.el10_2.x86_64.rpm SHA-256: d0460e2bb91c11f7fec58020b35458dd2a8ebb12a7e22f110077352da1f34a24 dotnet-sdk-dbg-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 2141495638c9d76d2a41ebe9d3b5cb9da3c344acb0d5231c08333cb590c219af dotnet-targeting-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 41dbc5943aab3e9b5d9e47ab263d445e0b95b114fdac63b384abd039ee1c6062 dotnet-templates-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 890a43908cb44251dc51a1e0ff67e543cd081cc31c336076f77a9f1285f54155 dotnet10.0-debugsource-10.0.108-1.el10_2.x86_64.rpm SHA-256: 3829feb79b0cf11831b2b1303a2e071812e2200e28b5158bccc88bf3d1c48321 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM dotnet10.0-10.0.108-1.el10_2.src.rpm SHA-256: c6448a5953f239b5f05477de7903197e6361767c75a3dfdaa06983f2e806ea8b x86_64 aspnetcore-runtime-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 7bca2d84a06ba7a27397e7c2e17eda960d219cb3f61c6f47aa2ba7068701b8c7 aspnetcore-runtime-dbg-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 34534b32522bb76829a16a208031ce9bd306f4131b672b72f6b2a4fb5f0f0daf aspnetcore-targeting-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 89e102126e66d16199f67f41fde5ca678c9f41d21cdfa1d284bfeca8dcd5026a dotnet-apphost-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: a72ae8d413acbb80ec44694b1449320638e55650d249e283dd6bcc39dd2df175 dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: f6de7fd13a156552cc53de280758b7432838274f17c0b336b1020ebee3910ada dotnet-host-10.0.8-1.el10_2.x86_64.rpm SHA-256: b2e6448b89809b669c0e1bdc1b9eae70bff5c371c58600e04b55bd8f8d0efc96 dotnet-host-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: 01dc4090dc38c3677db4d23d94b1818334c82f14d4fe6e4606e3c63e93d91c1d dotnet-hostfxr-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: ff4cbe1e7335c724083f661a0552f84cfa512cdb1c464f4aa9b7596555e41aa7 dotnet-hostfxr-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: eaaf4844b3d3cf6a2d64855008649eebd1434269f69d3cc95e5e0a134e690ae6 dotnet-runtime-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: d7550677822b8f63206025f236767af8ed3ad1525a8994f05a30be74ad89a27e dotnet-runtime-10.0-debuginfo-10.0.8-1.el10_2.x86_64.rpm SHA-256: fe257402ef5134584f45a640f632371385c9dfebcee40bc314efdeed33c58d08 dotnet-runtime-dbg-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 229bad8aef27ba9735d500fd8fdb3e590068d88550f120f4783e15a8e66f2b5d dotnet-sdk-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: c7f6dcebb3503c2c13979ec6927794866d6a0617c034daa4c27aaa46c0553f92 dotnet-sdk-10.0-debuginfo-10.0.108-1.el10_2.x86_64.rpm SHA-256: 6d386baee3eacb36d7ea7311c835b0167aced796ca5e7f11657a61f81ad15719 dotnet-sdk-aot-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 68a10d3831abfb89745a6bf3e6a11cb34f2db50ecf063216dae1c382930cf8b7 dotnet-sdk-aot-10.0-debuginfo-10.0.108-1.el10_2.x86_64.rpm SHA-256: d0460e2bb91c11f7fec58020b35458dd2a8ebb12a7e22f110077352da1f34a24 dotnet-sdk-dbg-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 2141495638c9d76d2a41ebe9d3b5cb9da3c344acb0d5231c08333cb590c219af dotnet-targeting-pack-10.0-10.0.8-1.el10_2.x86_64.rpm SHA-256: 41dbc5943aab3e9b5d9e47ab263d445e0b95b114fdac63b384abd039ee1c6062 dotnet-templates-10.0-10.0.108-1.el10_2.x86_64.rpm SHA-256: 890a43908cb44251dc51a1e0ff67e543cd081cc31c336076f77a9f1285f54155 dotnet10.0-debugsource-10.0.108-1.el10_2.x86_64.rpm SHA-256: 3829feb79b0cf11831b2b1303a2e071812e2200e28b5158bccc88bf3d1c48321 Red Hat Enterprise Linux for IBM z Systems 10 SRPM dotnet10.0-10.0.108-1.el10_2.src.rpm SHA-256: c6448a5953f239b5f05477de7903197e6361767c75a3dfdaa06983f2e806ea8b s390x aspnetcore-runtime-10.0-10.0.8-1.el10_2.s390x.rpm SHA-256: abae5f2e2e769cfeff228e92c06a0f912e44849f4f77bce5cb5e1b7b30d006a1 aspnetcore-runtime-dbg-10.0-10.0.8-1.el10_2.s390x.rpm SHA-256: 059729ceb3093f54d75ba01f4b0ac801ae1bc32c6ebec30cbf96448f698d7fa7 aspnetcore-targeting-pack-10.0-10.0.8-1.el10_2.s390x.rpm SHA-256: 7016b331037ddc216990e50fefe097605f3c7015c7145da26835f257b20ef20b dotnet-apphost-pack-10.0-10.0.8-1.el10_2.s390x.rpm SHA-256: da46a243b598ba326870c028086b3edffdbc988e41a62486fb7393c5d8d3cd0f dotnet-apphost-pack-10.0-debuginfo-10.0.8-1.el10_2.s390x.rpm SHA-256: 0c93fcc4847b844995db28799ed5847edaf89ac8f7523673b48c6e39af9597ea dotnet-host-10.0.8-1.el10_2.s390x.rpm SHA-256: 2b72fcac14f23751d5f386a0024c24467a88c359581a8acc7b9f100165dcf4b1 dotnet-host-debuginfo-10.0.8-1.el10_2.s390x.rpm SHA-256: a32e59cb911fd1e2e67ce92da3cf7123b818c4733542a836c93c91bbb4d106d2 dotnet-hostfxr-10.0-10.0.8-1.el10_2.s390x.rpm SHA-256: