[Full-disclosure] [ MDVSA-2009:269 ] mono
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:269 ] mono
- From: security@xxxxxxxxxxxx
- Date: Mon, 12 Oct 2009 16:00:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:269
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mono
Date : October 12, 2009
Affected: 2009.1
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in mono:
The XML HMAC signature system did not correctly check certain
lengths. If an attacker sent a truncated HMAC, it could bypass
authentication, leading to potential privilege escalation
(CVE-2009-0217).
This update fixes this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
Mandriva Linux 2009.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFK0wvymqjQ0CJFipgRAlhzAKDoXKLa2qW+Id1s0NHhWhk3kqgiCQCdEp47
oPQSF0uxU0unkgRuLO7EGpY=
=xrI4
-----END PGP SIGNATURE-----
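The length check described in the advisory, as an added example that is not part of the advisory and is not Mono's code: a verifier that trusts the sender-declared HMAC output length beside one that bounds it first. The function names and sample values are hypothetical; the floor (at least 80 bits and at least half the hash output) is the rule from the revised W3C XML Signature specification.

```python
import hashlib
import hmac

DIGEST_BITS = {"sha1": 160, "sha256": 256}  # output size of each hash, in bits


def min_output_bits(alg):
    # Floor from the revised XML Signature rules: no less than 80 bits and
    # no less than half the hash output.
    return max(80, DIGEST_BITS[alg] // 2)


def verify_naive(key, data, tag, output_bits, alg="sha1"):
    """Flawed pattern: compares only as many bytes as the sender declared."""
    full = hmac.new(key, data, getattr(hashlib, alg)).digest()
    n = output_bits // 8
    return hmac.compare_digest(full[:n], tag[:n])


def verify_strict(key, data, tag, output_bits, alg="sha1"):
    """Hardened pattern: bound the declared length before comparing."""
    if alg not in DIGEST_BITS:
        return False
    floor = min_output_bits(alg)
    if output_bits % 8 or not floor <= output_bits <= DIGEST_BITS[alg]:
        return False
    if len(tag) != output_bits // 8:
        return False
    full = hmac.new(key, data, getattr(hashlib, alg)).digest()
    return hmac.compare_digest(full[: output_bits // 8], tag)


def demo():
    # Constructed sample key and message, for illustration only.
    key = b"constructed-demo-key"
    data = b"<SignedInfo>constructed sample</SignedInfo>"
    full = hmac.new(key, data, hashlib.sha1).digest()
    cases = {
        "full-160": (full, 160),
        "trunc-96": (full[:12], 96),
        "trunc-8": (full[:1], 8),
        "empty-0": (b"", 0),  # a declared length of 0 compares nothing
    }
    return {name: (verify_naive(key, data, tag, bits),
                   verify_strict(key, data, tag, bits))
            for name, (tag, bits) in cases.items()}
```

demo() returns a (naive, strict) pair per case: both verifiers accept the 160-bit and 96-bit tags, and only the naive one accepts the 8-bit and empty tags.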