Message-Id: <E1T3RcH-0000Xb-2T@titan.mandriva.com>
Date: Mon, 20 Aug 2012 15:02:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:140 ] mono

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:140
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : mono
 Date    : August 20, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in mono:
 
 Cross-site scripting (XSS) vulnerability in the ProcessRequest function
 in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono
 2.10.8 and earlier allows remote attackers to inject arbitrary
 web script or HTML via a file with a crafted name and a forbidden
 extension, which is not properly handled in an error message
 (CVE-2012-3382).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:

 Mandriva Linux 2011/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQMgnnmqjQ0CJFipgRApnIAJ9Hbx/qrvIXaG6KppvKRB9n43CzzwCfUOnO
fx9P9KKS6YLQAUiMEaQXqcA=
=/FD/
-----END PGP SIGNATURE-----
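
The flaw class described under "Problem Description" (a request path echoed into an error page without HTML encoding), shown beside the encoded form. This is an added illustration, not Mono's HttpForbiddenHandler source and not part of the advisory; the class name, method names, page template and sample path are hypothetical, and System.Net.WebUtility (available from .NET 4.0) is assumed as the encoder.

```csharp
using System;
using System.Net;

// Illustration only: hypothetical names, not Mono's HttpForbiddenHandler code.
static class ForbiddenPageDemo
{
    const string Template =
        "<html><body><h1>Forbidden</h1><p>The resource {0} cannot be served.</p></body></html>";

    // Flawed pattern: the requested path is copied into the HTML body verbatim,
    // so any markup in the file name becomes part of the page.
    static string RenderUnencoded(string requestPath)
    {
        return string.Format(Template, requestPath);
    }

    // Corrected pattern: HTML-encode the path before it reaches the markup,
    // so the browser displays the name as text.
    static string RenderEncoded(string requestPath)
    {
        return string.Format(Template, WebUtility.HtmlEncode(requestPath));
    }

    // Regression check: true when the path appears in the page only in encoded form.
    // A path with nothing to encode is trivially safe.
    static bool PathIsEncoded(string page, string requestPath)
    {
        string encoded = WebUtility.HtmlEncode(requestPath);
        if (encoded == requestPath)
            return true;
        return page.Contains(encoded) && !page.Contains(requestPath);
    }

    static void Main()
    {
        // Constructed sample: a file name containing markup, with an extension
        // of the kind a server refuses to serve.
        string path = "/files/<i>report</i>.config";

        string flawed = RenderUnencoded(path);
        string corrected = RenderEncoded(path);

        Console.WriteLine("unencoded page passes check: " + PathIsEncoded(flawed, path));
        Console.WriteLine("encoded page passes check:   " + PathIsEncoded(corrected, path));
        Console.WriteLine(corrected);
    }
}
```

A check like PathIsEncoded can be kept as a unit test around any handler that echoes request data into an error response.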
