lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1IsLzx-0006q7-DN@artemis.annvix.ca>
Date: Wed, 14 Nov 2007 10:25:57 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:218 ] - Updated mono packages fix
 arbitrary code execution vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:218
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mono
 Date    : November 14, 2007
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class
 in Mono 1.2.5.1 and previous versions, which allows arbitrary code
 execution by context-dependent attackers.
 
 Updated packages fix this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5197
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 b9d567706da7df90b47ba3a7d19860bc  2007.0/i586/jay-1.1.17.1-5.3mdv2007.0.i586.rpm
 8761f440233b19cd1cd0a89f570645ab  2007.0/i586/libmono-runtime-1.1.17.1-5.3mdv2007.0.i586.rpm
 ec8c893fb7dce3ac0a84a25354ae5b71  2007.0/i586/libmono0-1.1.17.1-5.3mdv2007.0.i586.rpm
 be7674691a7e993be13a4881cdf8e1c4  2007.0/i586/libmono0-devel-1.1.17.1-5.3mdv2007.0.i586.rpm
 dd69d1b1d77a970bbd69deeca3cba072  2007.0/i586/mono-1.1.17.1-5.3mdv2007.0.i586.rpm
 4be1187e19e3cbfc571418dc05c29194  2007.0/i586/mono-data-sqlite-1.1.17.1-5.3mdv2007.0.i586.rpm
 19f7a6a36839e454b744f082792a95e5  2007.0/i586/mono-doc-1.1.17.1-5.3mdv2007.0.i586.rpm 
 05069e51e4b6e18973bd3727af71eda4  2007.0/SRPMS/mono-1.1.17.1-5.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 6821742c220f15a204f6c11e1097da73  2007.0/x86_64/jay-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 434778d7a971fdccea1e0f2186e964f9  2007.0/x86_64/lib64mono0-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 656169f3f2901ff4fa9de7b895a97333  2007.0/x86_64/lib64mono0-devel-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 1f4e0426187652ba278fe7ff2d6b097b  2007.0/x86_64/libmono-runtime-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 51f510ba19d6c613a5a0569291c449f8  2007.0/x86_64/mono-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 4b3a0a3bf7eee78062dcd71bd2ba5889  2007.0/x86_64/mono-data-sqlite-1.1.17.1-5.3mdv2007.0.x86_64.rpm
 3591ed164f177be930c137395e7aa59f  2007.0/x86_64/mono-doc-1.1.17.1-5.3mdv2007.0.x86_64.rpm 
 05069e51e4b6e18973bd3727af71eda4  2007.0/SRPMS/mono-1.1.17.1-5.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 cd8398d38826f2c2b1f4c1ebdbc05d4e  2007.1/i586/jay-1.2.3.1-4.1mdv2007.1.i586.rpm
 d2fde2f68ec91f4ac815de617c36a54d  2007.1/i586/libmono0-1.2.3.1-4.1mdv2007.1.i586.rpm
 f084c0e39b28522e50e1929726c00e87  2007.1/i586/libmono0-devel-1.2.3.1-4.1mdv2007.1.i586.rpm
 cc4e1ec31cdedda7ffea4dfa907e75b0  2007.1/i586/mono-1.2.3.1-4.1mdv2007.1.i586.rpm
 d2bbc574fd1d9ec309d760da6ed310f6  2007.1/i586/mono-bytefx-data-mysql-1.2.3.1-4.1mdv2007.1.i586.rpm
 a3e21245b230ab317925ab948125ffd6  2007.1/i586/mono-data-1.2.3.1-4.1mdv2007.1.i586.rpm
 fe40d27e56faac9c2d9167ebed3aaf48  2007.1/i586/mono-data-firebird-1.2.3.1-4.1mdv2007.1.i586.rpm
 8b023626db80ca7d2b452ce1f9582462  2007.1/i586/mono-data-oracle-1.2.3.1-4.1mdv2007.1.i586.rpm
 a91ed3d8d46c3da92fa0484a4584d21c  2007.1/i586/mono-data-postgresql-1.2.3.1-4.1mdv2007.1.i586.rpm
 bba894fa17420fc37ff97946d28fb7a9  2007.1/i586/mono-data-sqlite-1.2.3.1-4.1mdv2007.1.i586.rpm
 d4556931bee6df1b31216ecbd1c9c09d  2007.1/i586/mono-data-sybase-1.2.3.1-4.1mdv2007.1.i586.rpm
 7fd252b7125622227dd27d73bd6cd12d  2007.1/i586/mono-doc-1.2.3.1-4.1mdv2007.1.i586.rpm
 1f681e0ef96b53c40526fae5aaa9e78c  2007.1/i586/mono-extras-1.2.3.1-4.1mdv2007.1.i586.rpm
 de3caa8e2c13781dc9cf40c50a78b73c  2007.1/i586/mono-ibm-data-db2-1.2.3.1-4.1mdv2007.1.i586.rpm
 f406edad2c786cb651f2637d8a7a206b  2007.1/i586/mono-jscript-1.2.3.1-4.1mdv2007.1.i586.rpm
 34820957e0678deeb59537c194ae8cee  2007.1/i586/mono-locale-extras-1.2.3.1-4.1mdv2007.1.i586.rpm
 6a2a33508c23763e0d66714017d13cb0  2007.1/i586/mono-nunit-1.2.3.1-4.1mdv2007.1.i586.rpm
 cd73df7c62fe129a21c7ce6c46a21fa5  2007.1/i586/mono-web-1.2.3.1-4.1mdv2007.1.i586.rpm
 791cc17afcc4cc1446e4bf5f0483ba69  2007.1/i586/mono-winforms-1.2.3.1-4.1mdv2007.1.i586.rpm 
 5a2decbedede539c73c34cd2abe53c9c  2007.1/SRPMS/mono-1.2.3.1-4.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 4a4cd3e01867703e87629c1803bc1fd2  2007.1/x86_64/jay-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 04a0cd2fa60cfed84164758a04fe381a  2007.1/x86_64/lib64mono0-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 5abe1519303796c34ed013705b3e8eff  2007.1/x86_64/lib64mono0-devel-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 c91bab9f4fb6f53425b1d8f05f5adaf6  2007.1/x86_64/mono-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 9473cb69096d859f36c42778ff48f71d  2007.1/x86_64/mono-bytefx-data-mysql-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 e1d135f40c1373897186701da080c8e1  2007.1/x86_64/mono-data-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 740160f5eadbb54ed7b3c1215370ea88  2007.1/x86_64/mono-data-firebird-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 d81fd851fda6a45961ab76c153c0675e  2007.1/x86_64/mono-data-oracle-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 424430479555ed5fe10e5d218ad13fd8  2007.1/x86_64/mono-data-postgresql-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 1476bc4ed69f320e68785876653c0606  2007.1/x86_64/mono-data-sqlite-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 2c42f6fe92a60b23da0f1a0b74a66e2b  2007.1/x86_64/mono-data-sybase-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 b9c4deb20f3456f0dc7dca799987278e  2007.1/x86_64/mono-doc-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 a8eefbbece276c42d9e572f3bef767ee  2007.1/x86_64/mono-extras-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 5f5581ae0d391076ae0e859fc4093715  2007.1/x86_64/mono-ibm-data-db2-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 56ad0c6839e7c68fc825e3d29b306094  2007.1/x86_64/mono-jscript-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 bc58088122c0d6585070f0f7fa15931d  2007.1/x86_64/mono-locale-extras-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 0a75d2d72852a077caed4176d529c086  2007.1/x86_64/mono-nunit-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 27abf19112802f836ebb5d4d56d49483  2007.1/x86_64/mono-web-1.2.3.1-4.1mdv2007.1.x86_64.rpm
 399b685114b2eaeb791a926993cd5598  2007.1/x86_64/mono-winforms-1.2.3.1-4.1mdv2007.1.x86_64.rpm 
 5a2decbedede539c73c34cd2abe53c9c  2007.1/SRPMS/mono-1.2.3.1-4.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 8ebdfb9c02b64ea41d9b100f65812f90  2008.0/i586/jay-1.2.5-4.1mdv2008.0.i586.rpm
 ae31ade214e1694544eadaae2b9ca0aa  2008.0/i586/libmono-devel-1.2.5-4.1mdv2008.0.i586.rpm
 9bc3d1b07aedfb72c0b7276e98530786  2008.0/i586/libmono0-1.2.5-4.1mdv2008.0.i586.rpm
 5b062672af0f1096d4b2699b41500c5b  2008.0/i586/mono-1.2.5-4.1mdv2008.0.i586.rpm
 3e8b3c16413b79faafb56a6471ad2d60  2008.0/i586/mono-bytefx-data-mysql-1.2.5-4.1mdv2008.0.i586.rpm
 bdb4e353c8e193ed649d964eca8cbbf7  2008.0/i586/mono-data-1.2.5-4.1mdv2008.0.i586.rpm
 df182a6fc664a185ddba5621c808c29c  2008.0/i586/mono-data-firebird-1.2.5-4.1mdv2008.0.i586.rpm
 ac5c709280054dcf13782403d7582cc8  2008.0/i586/mono-data-oracle-1.2.5-4.1mdv2008.0.i586.rpm
 c0080d22b45914d1181462d7dbb09bcf  2008.0/i586/mono-data-postgresql-1.2.5-4.1mdv2008.0.i586.rpm
 9ebc86ecc9643c293b70ff34fa28dfeb  2008.0/i586/mono-data-sqlite-1.2.5-4.1mdv2008.0.i586.rpm
 f6b216abca966428e1adafcaccf51a4c  2008.0/i586/mono-data-sybase-1.2.5-4.1mdv2008.0.i586.rpm
 c82d4dbb2201f27a0d212a490711bbc0  2008.0/i586/mono-doc-1.2.5-4.1mdv2008.0.i586.rpm
 f83711d4aff6061e2fb8ea8f13cb5a4a  2008.0/i586/mono-extras-1.2.5-4.1mdv2008.0.i586.rpm
 27cf05aeab8509daf43c8aaf96974cea  2008.0/i586/mono-ibm-data-db2-1.2.5-4.1mdv2008.0.i586.rpm
 d14a632cc577a9cf0bb387cb3fc8cd88  2008.0/i586/mono-jscript-1.2.5-4.1mdv2008.0.i586.rpm
 96b39905bd9b06d3a1c1fd399a6d1d29  2008.0/i586/mono-locale-extras-1.2.5-4.1mdv2008.0.i586.rpm
 8e3d7d4c6c27fa371e66a99037dc25ee  2008.0/i586/mono-nunit-1.2.5-4.1mdv2008.0.i586.rpm
 b10b94480ed8fa1c0e40669b1fda5a75  2008.0/i586/mono-web-1.2.5-4.1mdv2008.0.i586.rpm
 8f8a46bd23974b0382cae45edd159ea2  2008.0/i586/mono-winforms-1.2.5-4.1mdv2008.0.i586.rpm 
 d427c1ad2eccc2bec9df627e80cdf97b  2008.0/SRPMS/mono-1.2.5-4.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 0f90edb5947c9623cf4b76fe3231a708  2008.0/x86_64/jay-1.2.5-4.1mdv2008.0.x86_64.rpm
 17f5a15741b01ca99fe3eac56ab5f4c6  2008.0/x86_64/lib64mono-devel-1.2.5-4.1mdv2008.0.x86_64.rpm
 1690e1b1862553768f976059b7ee3f69  2008.0/x86_64/lib64mono0-1.2.5-4.1mdv2008.0.x86_64.rpm
 70241a617cf42d2688cf988fe96f437d  2008.0/x86_64/mono-1.2.5-4.1mdv2008.0.x86_64.rpm
 3e0fd2296e2ca03579d6248735a6a4ba  2008.0/x86_64/mono-bytefx-data-mysql-1.2.5-4.1mdv2008.0.x86_64.rpm
 f8b81acf39edae596fcd33fd723038f1  2008.0/x86_64/mono-data-1.2.5-4.1mdv2008.0.x86_64.rpm
 f0d34b98b0bd4a18b58ed3b37319d19f  2008.0/x86_64/mono-data-firebird-1.2.5-4.1mdv2008.0.x86_64.rpm
 a738da7d98f0a64434b40462bd11c5d0  2008.0/x86_64/mono-data-oracle-1.2.5-4.1mdv2008.0.x86_64.rpm
 13f0c34484612d288350e0ec2ba3b037  2008.0/x86_64/mono-data-postgresql-1.2.5-4.1mdv2008.0.x86_64.rpm
 683b45b6af4d93fe453469220b324d27  2008.0/x86_64/mono-data-sqlite-1.2.5-4.1mdv2008.0.x86_64.rpm
 251684a836b9edda16fd741cb9aa0c36  2008.0/x86_64/mono-data-sybase-1.2.5-4.1mdv2008.0.x86_64.rpm
 d21c2742ae732e8ad87c16448a57ff1d  2008.0/x86_64/mono-doc-1.2.5-4.1mdv2008.0.x86_64.rpm
 c9d6e7104ed5b374b9c922b8ba7f2218  2008.0/x86_64/mono-extras-1.2.5-4.1mdv2008.0.x86_64.rpm
 0a9d2b0456cef3e24f4bdff368c7475b  2008.0/x86_64/mono-ibm-data-db2-1.2.5-4.1mdv2008.0.x86_64.rpm
 abf507144f6727f3d7bb36eeecff4d7b  2008.0/x86_64/mono-jscript-1.2.5-4.1mdv2008.0.x86_64.rpm
 3b9485cbbb009301fad7fb2886fac54b  2008.0/x86_64/mono-locale-extras-1.2.5-4.1mdv2008.0.x86_64.rpm
 61de7b33a6bc0cecdd75d7d8dbb4c0cd  2008.0/x86_64/mono-nunit-1.2.5-4.1mdv2008.0.x86_64.rpm
 ea697d79a1e8c231d6a95c527177e1ab  2008.0/x86_64/mono-web-1.2.5-4.1mdv2008.0.x86_64.rpm
 faba9627b44c2b661005f258682fdcd7  2008.0/x86_64/mono-winforms-1.2.5-4.1mdv2008.0.x86_64.rpm 
 d427c1ad2eccc2bec9df627e80cdf97b  2008.0/SRPMS/mono-1.2.5-4.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHOwULmqjQ0CJFipgRAgn9AJ0fwGjxD3DMkYBD+7ynLBTwiq8f+ACg6usW
n/KO3Zgq6Rv76gWRDQOWDoU=
=FvIt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ