Message-Id: <E1KlupQ-0006dC-S1@titan.mandriva.com>
Date: Fri, 03 Oct 2008 18:17:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:210 ] mono


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:210
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mono
 Date    : October 3, 2008
 Affected: 2007.1, 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows
 remote attackers to inject arbitrary HTTP headers and conduct HTTP
 response splitting attacks via CRLF sequences in the query string.
 
 The updated packages have been patched to fix the issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:

 Mandriva Linux 2007.1/X86_64:

 Mandriva Linux 2008.0:

 Mandriva Linux 2008.0/X86_64:

 Mandriva Linux 2008.1:

 Mandriva Linux 2008.1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI5ohPmqjQ0CJFipgRAjYIAKCzXMe3gTau6/loKPvYMIe5OL93WACg7uz+
eS11qH2o6fIDbh/ulAFmrpg=
=McWr
-----END PGP SIGNATURE-----
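
An added illustration, not part of the Mandriva advisory or of Mono's code: a Python check that flags access-log requests whose query string decodes to CR or LF (the input the advisory's problem description refers to), together with a guard that refuses to emit a response header value containing those characters. The log lines, the combined-log layout and all function names are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2008:10:00:01 +0000] "GET /page.aspx?lang=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Oct/2008:10:00:02 +0000] "GET /page.aspx?lang=en%0d%0aX-Injected:%201 HTTP/1.1" 302 0',
    '192.0.2.12 - - [03/Oct/2008:10:00:03 +0000] "GET /page.aspx?next=%250D%250AX-Injected:%201 HTTP/1.1" 302 0',
    '192.0.2.13 - - [03/Oct/2008:10:00:04 +0000] "GET /search.aspx?q=a%20b HTTP/1.1" 200 128',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def query_has_crlf(target, max_decodes=3):
    """True if the query string contains CR or LF, raw or after repeated URL-decoding."""
    query = target.partition("?")[2]
    for _ in range(max_decodes + 1):
        if "\r" in query or "\n" in query:
            return True
        decoded = unquote(query)
        if decoded == query:      # nothing left to decode
            break
        query = decoded           # catches double encoding such as %250D%250A
    return False


def find_suspicious(lines):
    """Return (line_number, request_target) for requests carrying CR/LF in the query."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and query_has_crlf(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


def safe_header_value(value):
    """Server-side guard: reject a header value containing CR or LF rather than send it."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return value


if __name__ == "__main__":
    for number, target in find_suspicious(SAMPLE_LOG):
        print(f"line {number}: {target}")
```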
