Package "libmono-microsoft8.0-cil"
Name: |
libmono-microsoft8.0-cil
|
Description: |
Mono Microsoft libraries (for CLI 2.0)
|
Latest version: |
2.10.8.1-1ubuntu2.3 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
mono |
Homepage: |
http://www.mono-project.com/ |
Links
Download "libmono-microsoft8.0-cil"
Other versions of "libmono-microsoft8.0-cil" in Precise
Changelog
mono (2.10.8.1-1ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2011-0992.patch: fix access to freed members of a
dead thread in mono/metadata/threads.c.
- CVE-2011-0992
* SECURITY UPDATE: denial of service via hash collision
- debian/patches/CVE-2012-3543.patch: add a better hash provider to
mcs/class/System.Web/System.Web.UI/Page.cs,
mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
mcs/class/System.Web/System.Web.dll.sources,
mcs/class/System.Web/System.Web/WebROCollection.cs.
- CVE-2012-3543
* SECURITY UPDATE: TLS impersonation attack
- debian/patches/CVE-2015-2318.patch: add handshake state validation to
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
- CVE-2015-2318
* SECURITY UPDATE: FREAK attack vulnerability
- debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
- CVE-2015-2319
* SECURITY UPDATE: SSLv2 support
- debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
- CVE-2015-2320
* debian/source/options: Don't use single-debian-patch for Ubuntu.
-- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 14:30:11 -0400
|
Source diff to previous version |
CVE-2011-0992 |
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of serv |
CVE-2015-2318 |
SKIP-TLS issue |
CVE-2015-2319 |
FREAK issue |
CVE-2015-2320 |
Related to "remove the client-side SSLv2 fallback" |
|
mono (2.10.8.1-1ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2012-3382.patch: properly escape error message in
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
- CVE-2012-3382
-- Marc Deslauriers <email address hidden> Tue, 24 Jul 2012 13:29:38 -0400
|
CVE-2012-3382 |
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and |
|
About
-
Send Feedback to @ubuntu_updates