Message-Id: <E1T3RcH-0000Xb-2T@titan.mandriva.com>
Date: Mon, 20 Aug 2012 15:02:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:140 ] mono

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:140
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mono
 Date    : August 20, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in mono:

 Cross-site scripting (XSS) vulnerability in the ProcessRequest
 function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
 in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary
 web script or HTML via a file with a crafted name and a forbidden
 extension, which is not properly handled in an error message
 (CVE-2012-3382).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQMgnnmqjQ0CJFipgRApnIAJ9Hbx/qrvIXaG6KppvKRB9n43CzzwCfUOnO
fx9P9KKS6YLQAUiMEaQXqcA=
=/FD/
-----END PGP SIGNATURE-----
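
Added example, not part of the advisory and not the Mono source: a sketch of the bug class described under "Problem Description" (a requested file name copied into a 403 error page) beside the HTML-encoded form, with a check suitable for a regression test. The class and method names, the page wording and the sample path are assumptions made for illustration.

```csharp
using System;
using System.Net;

// Illustrative sketch only: this is NOT the code of Mono's HttpForbiddenHandler.
// ForbiddenPageDemo, RenderUnsafe, RenderEncoded and ReflectsRawMarkup are
// hypothetical names, and the error-page text is made up.
static class ForbiddenPageDemo
{
    // Vulnerable pattern: the requested path is concatenated into the HTML of
    // the error page as-is, so markup in a file name becomes markup in the page.
    static string RenderUnsafe(string requestPath)
    {
        return "<html><body><h1>403 Forbidden</h1><p>Access to '"
             + requestPath + "' is denied.</p></body></html>";
    }

    // Hardened pattern: HTML-encode the request-controlled value at the point
    // where it is written into the page (encodes <, >, &, " and ').
    static string RenderEncoded(string requestPath)
    {
        return "<html><body><h1>403 Forbidden</h1><p>Access to '"
             + WebUtility.HtmlEncode(requestPath) + "' is denied.</p></body></html>";
    }

    // Regression check: true when a path containing '<' shows up unmodified
    // in the generated page, i.e. the page reflects raw markup.
    static bool ReflectsRawMarkup(string page, string requestPath)
    {
        return requestPath.IndexOf('<') >= 0 && page.Contains(requestPath);
    }

    static void Main()
    {
        // Constructed sample input: a file name carrying markup, with an
        // extension the server is assumed to refuse to serve.
        string path = "/app/<b>injected</b>.config";

        string unsafePage = RenderUnsafe(path);
        string encodedPage = RenderEncoded(path);

        Console.WriteLine("unsafe page reflects raw markup:  "
                          + ReflectsRawMarkup(unsafePage, path));
        Console.WriteLine("encoded page reflects raw markup: "
                          + ReflectsRawMarkup(encodedPage, path));
        Console.WriteLine(encodedPage);
    }
}
```

The same check can be run against a patched server's real 403 response for a constructed path to confirm the update took effect.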