[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061004171841.GK4948@piware.de>
Date: Wed, 4 Oct 2006 19:18:41 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-357-1] Mono vulnerability
===========================================================
Ubuntu Security Notice USN-357-1 October 04, 2006
mono vulnerability
CVE-2006-5072
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
mono-classlib-1.0 1.1.8.3-1ubuntu2.1
mono-classlib-2.0 1.1.8.3-1ubuntu2.1
Ubuntu 6.06 LTS:
mono-classlib-1.0 1.1.13.6-0ubuntu3.1
mono-classlib-2.0 1.1.13.6-0ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Sebastian Krahmer of the SuSE security team discovered that the
System.CodeDom.Compiler classes used temporary files in an insecure
way. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the program.
Under some circumstances, a local attacker could also exploit this to
inject arbitrary code into running Mono processes.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1.diff.gz
Size/MD5: 37812 6e222e5c13002ceca8e1e5efd82036e0
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1.dsc
Size/MD5: 1020 605b25e63537ae93e630df34f8a7ae20
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3.orig.tar.gz
Size/MD5: 15348432 5aefdc915cbd6ed84834692f59b92080
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-assemblies-base_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 36654 b8f7a5eee8121212b3b04aad24d2b244
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0-dbg_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 3505034 621f1c7a211254305df73f51e4f13a4d
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 3837708 d71d24b2692563b1b693d2c12bfecee7
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0-dbg_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 4022756 9fc1a800a4d1987b6d07c041f2466a87
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 4308358 6ecf87dfeb0e6842f4225f1073098cab
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gac_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 47462 eda8167aac2ccf64d249c75234f48be7
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-gmcs_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 629766 da95636cd70d27125a5d9370b26b7ead
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-mcs_1.1.8.3-1ubuntu2.1_all.deb
Size/MD5: 1325110 a7fd2ef6b36717d2f326744e7730c601
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 1058456 945f973f715f24adb4bc0df5c86a1c05
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 804932 eb2ffc9e912807e8fa415101c3eff48a
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 128100 0e76abfc2c0c748a4d8a930306e293ca
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 36698 9438d7c7f63899f72cdec55d6834f711
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 54668 f1b326f1a327694c545203e35afebfd7
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 669934 3f9b7d62bab94e98a290e16e2bd7342b
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 1057068 6084bd8ec71f685f8fe8d832f6a76442
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_amd64.deb
Size/MD5: 1168 3d3166c3360341775d9908d53890e4fc
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 951222 dd9882797594ccc04b5dbb7e78c49756
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 726766 9610cca518cf9bd22e15a426d4a486c4
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 127854 36c79ed35e3c4d0f16a5afb159315e45
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 36694 78011b14c0e993a71891b0a4388d262b
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 47706 9556d6aae77e0c27eda0d53c702ea800
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 581996 d41c5fa8382e158597b266a07c96af89
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 958318 30f8b6ef7816c071e6ed4ac2d1f5a908
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_i386.deb
Size/MD5: 1166 bf117002f29b4be8fd83572749974701
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 1017924 5d8152155108c344e7481e7065729572
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 758916 bcdd81cfc6e1478e432dcd88515dbd6c
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 128486 b1aaca6bd7263f87c5bb99c1efc76223
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 36696 5c0788b1c26a534d6f083462791eb33a
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 53586 1f233051aa253135bdc72bfc1f919153
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 629474 2fd9cdd6635a966cf99b09efcf64bea9
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 1040442 f14beea838678f44dcc632e9791e3325
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_powerpc.deb
Size/MD5: 1168 97bb3b68493b6645f99c458ee970fdde
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1.diff.gz
Size/MD5: 47127 39074d36f587a3a452dd339ac3c577c8
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1.dsc
Size/MD5: 1047 70243a5a63ad8cdf970fdf6c37dc6bfd
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6.orig.tar.gz
Size/MD5: 18217583 330cc66c6a44525950daf10c4f17c10e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-assemblies-base_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 41952 38e5d79b399a27aa05a0456033bafb3b
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0-dbg_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 3794992 56026ef395ea4ed74676cbb871e3010e
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 4560146 3fbe02e71427cfe4a1e1783cb43602c1
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0-dbg_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 4568340 f803afc5f3e19910476d76b845e91249
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-2.0_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 5218424 951734a948d1291a3c6534a858898460
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gac_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 53180 86ae1e6721ebb16d23b03a19abb27fb6
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gmcs_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 841018 c90055d4e6de2e8eb900be588dd03b95
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-mcs_1.1.13.6-0ubuntu3.1_all.deb
Size/MD5: 1415790 6acb8066c16f5a04eb462e9ccf662d6a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 1127592 936fd62104079ba8d8bd663e148a1b8d
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 865988 0d7b06ab46d2c74783af607106351460
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 115862 0b06a012a63b7ae7893e06cf556364a7
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 41980 87527fe4be8ea1b9350a4aea71e85928
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 57544 b234ff59042049ba43f45ef1ed7e77b1
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 12926 e77315930a48494701dc8e5702f61da1
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 1117486 21cd8363acd2aa476428e3e17b39bdd9
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_amd64.deb
Size/MD5: 1208 418f84293394b80bddf3cabb1ffcb33e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 1017258 bcc82a02c9e257d106e28f833099795f
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 780460 da70212af024d15eac281adb398fcb87
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 115438 c9898401cd7c386afd8c64bf2f7d288f
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 41976 e5ea69677bab8f821cb82539fb79a0a0
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 50614 42d4cf2690a408d31c1fc01d02b31528
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 12724 0c7cb1e40138d20e8b9241a3772f15c8
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 1014922 fa916a1bd4e2d6a4746e38dd79f41596
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_i386.deb
Size/MD5: 1208 ae7e5deafeac6443fc4c1010dc778218
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 1085088 a23c3db696410111ead8f9ead2fd2408
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 816162 2ec94deecf9f3adb73993c8f44cd575c
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 116400 b596f0d4133c224e83976555ee9a69ae
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 41980 8ee288899bd0901011be6bc938d9390a
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 56572 8ca49da5a086f690f9b576e9f81f8a6b
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 14786 339fb0abad2ae8ee82269d9588413be7
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 1102850 087852786a14d21730151fb7a51607cb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_powerpc.deb
Size/MD5: 1212 39510a31cb7af3b72cf016a2d6013d7b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 1092966 5eccaa96feca0c7269a9194b58738874
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 820852 9eb63a6e7f1d687a7f593af523ec6260
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 115984 ce9248b83e58b49ec15cdd76f0779855
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 41980 299f5c233a182adc71f36c9f6f2f3173
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 53568 1eeebde75ac92a499744b18f3186bfd0
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 13004 cc3edd29d1d365cf72f0937350504a40
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 1049752 b53289c6312c9dab5aaffee77c20704e
http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_sparc.deb
Size/MD5: 1214 9f332bf9edc0170fd32254a6f8f1940a
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists