Message-ID: <20071103155214.GA4836@galadriel.inutil.org>
Date: Sat, 3 Nov 2007 16:52:14 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1397-1] New mono packages fix integer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1397-1                    security@...ian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 3rd, 2007                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mono
Vulnerability  : integer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-5197

An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.

The oldstable distribution (sarge) doesn't contain mono.

For the stable distribution (etch) this problem has been fixed in
version 1.2.2.1-1etch1. A powerpc build will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your mono packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHLJjpXm3vHE4uyloRAmjZAKDnTf7/rvIzcRz4r/vb/VFNYLnP5gCfU/5p
bbSbuOBgTxa0Rz0pjp1+eaA=
=NLul
-----END PGP SIGNATURE-----
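To confirm the upgrade took effect, installed mono packages can be compared against the fixed etch version 1.2.2.1-1etch1 using Debian's version ordering. The following is an added example, not part of the advisory or of Debian's tooling; it assumes tab-separated `package<TAB>version` input as printed by `dpkg-query -W 'mono*' 'libmono*'`, and the sample listing is constructed.

```python
import re
from itertools import zip_longest

FIXED = "1.2.2.1-1etch1"  # fixed version for etch, as stated in the advisory

def _order(ch):
    # dpkg ordering: '~' sorts before everything (even end of string),
    # letters sort before all other non-digit characters.
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, left to right.
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                        re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (na, da), (nb, db) in pairs:
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(listing, fixed=FIXED):
    """Names of installed packages whose version is older than the fix."""
    stale = []
    for line in listing.splitlines():
        name, _, version = line.partition("\t")
        version = version.strip()
        # dpkg-query prints an empty version for known-but-not-installed packages.
        if version and deb_cmp(version, fixed) < 0:
            stale.append(name)
    return stale

# Constructed sample listing (not taken from a real host).
SAMPLE = ("libmono0\t1.2.2.1-1\nmono-common\t1.2.2.1-1etch1\n"
          "mono-jit\t1.2.2.1-1etch1~test1\nmono-utils\t\n"
          "mono-runtime\t1.2.2.1-1etch2\n")

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

A plain string comparison would misorder versions such as `1etch1~test1`, which sorts before `1etch1` under Debian's rules.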
