Message-Id: <E1MxLBx-0000nf-4q@titan.mandriva.com>
Date: Mon, 12 Oct 2009 15:44:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:268 ] mono


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:268
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mono
 Date    : October 12, 2009
 Affected: 2008.1, 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in mono:
 
 Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
 class libraries in Mono 2.0 and earlier allow remote attackers to
 inject arbitrary web script or HTML via crafted attributes related to
 (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
 (RenderAttributes), (3) HtmlInputButton (RenderAttributes),
 (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
 (RenderChildren) (CVE-2008-3422).
 
 The XML HMAC signature system did not correctly check certain
 lengths. If an attacker sent a truncated HMAC, it could bypass
 authentication, leading to potential privilege escalation
 (CVE-2009-0217).
 
 This update fixes these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK0wUumqjQ0CJFipgRArNBAKCfWpGeVJIWtuSj4ffAx7FD7HWKLgCcCgs5
WU1penl7VZFFTdjrq8mGMCk=
=JIdr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
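
The length check behind CVE-2009-0217, as an added example that is not part of the advisory and is not Mono's or Mandriva's code: a verifier that trusts a sender-declared HMAC length, beside one that rejects lengths below a floor before comparing. The function names, key, document and the use of Python with HMAC-SHA1 are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values, not taken from the advisory.
KEY = b"constructed-demo-key"
DOC = b"<Order id='1'>constructed sample</Order>"
MIN_BITS = 80  # floor used by the hardened check (assumed policy: >= 80 bits and >= half the digest)


def verify_truncating(key: bytes, data: bytes, tag: bytes, declared_bits: int) -> bool:
    """Flawed pattern: compares only as many bytes as the sender declared."""
    full = hmac.new(key, data, hashlib.sha1).digest()
    n = declared_bits // 8
    return hmac.compare_digest(full[:n], tag[:n])


def verify_hardened(key: bytes, data: bytes, tag: bytes,
                    declared_bits: Optional[int] = None) -> bool:
    """Hardened pattern: validate the declared length before any comparison."""
    full = hmac.new(key, data, hashlib.sha1).digest()
    full_bits = len(full) * 8
    bits = full_bits if declared_bits is None else declared_bits
    # Reject partial bytes, lengths above the digest size, and lengths below the floor.
    if bits % 8 or bits > full_bits or bits < max(MIN_BITS, full_bits // 2):
        return False
    n = bits // 8
    # The tag must be exactly the declared length, then match in constant time.
    return len(tag) == n and hmac.compare_digest(full[:n], tag)


def demo() -> dict:
    good = hmac.new(KEY, DOC, hashlib.sha1).digest()
    altered = b"<Order id='2'>altered</Order>"
    return {
        # A declared length of 0 makes the flawed check compare two empty strings.
        "flawed_accepts_zero_length": verify_truncating(KEY, altered, b"", 0),
        "hardened_accepts_zero_length": verify_hardened(KEY, altered, b"", 0),
        "hardened_accepts_72_bits": verify_hardened(KEY, DOC, good[:9], 72),
        "hardened_accepts_96_bits": verify_hardened(KEY, DOC, good[:12], 96),
        "hardened_accepts_full": verify_hardened(KEY, DOC, good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
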
