[Security Announce] [ MDVSA-2008:210 ] mono

news · October 4, 2008

This is a multi-part message in MIME format...

------------=_1223079313-14940-16

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:210

http://www.mandriva.com/security/

_______________________________________________________________________

Package : mono

Date : October 3, 2008

Affected: 2007.1, 2008.0, 2008.1

_______________________________________________________________________

Problem Description:

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows

remote attackers to inject arbitrary HTTP headers and conduct HTTP

response splitting attacks via CRLF sequences in the query string.

The updated packages have been patched to fix the issue.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:

33213a75545728ba80dabc78854376aa 2007.1/i586/jay-1.2.3.1-4.2mdv2007.1.i586.rpm

2879f218520f88400db457f3696fa752 2007.1/i586/libmono0-1.2.3.1-4.2mdv2007.1.i586.rpm

da6ba149545134c7f551afd5a3822fce 2007.1/i586/libmono0-devel-1.2.3.1-4.2mdv2007.1.i586.rpm

7cc6408f71a5d1b78434fd688172bfab 2007.1/i586/mono-1.2.3.1-4.2mdv2007.1.i586.rpm

c6b9d4e73ee8a80efef6ab3722b39512 2007.1/i586/mono-bytefx-data-mysql-1.2.3.1-4.2mdv2007.1.i586.rpm

d7c43bee87f7eec42fb1d5a04b5f4b91 2007.1/i586/mono-data-1.2.3.1-4.2mdv2007.1.i586.rpm

02c86ffbd50722810e3fe0d52ef71f12 2007.1/i586/mono-data-firebird-1.2.3.1-4.2mdv2007.1.i586.rpm

fd99fa689b0bd8b5f182c438fb176ea8 2007.1/i586/mono-data-oracle-1.2.3.1-4.2mdv2007.1.i586.rpm

dc767934e9c968aa2c8c04dac55f028d 2007.1/i586/mono-data-postgresql-1.2.3.1-4.2mdv2007.1.i586.rpm

ec8bf1ec89443da0b08adcbc8b276eaf 2007.1/i586/mono-data-sqlite-1.2.3.1-4.2mdv2007.1.i586.rpm

2a24841df688f5d547e105c6e1789e7f 2007.1/i586/mono-data-sybase-1.2.3.1-4.2mdv2007.1.i586.rpm

c40e6ee882c2da9afa9a2497f9c7cc4f 2007.1/i586/mono-doc-1.2.3.1-4.2mdv2007.1.i586.rpm

5f9531eed6e615513d3f50f9b9b18fa6 2007.1/i586/mono-extras-1.2.3.1-4.2mdv2007.1.i586.rpm

7d54fa08d53d55b11a22b1950e100b4d 2007.1/i586/mono-ibm-data-db2-1.2.3.1-4.2mdv2007.1.i586.rpm

6191d7249a7e53719df10a62ee2feb29 2007.1/i586/mono-jscript-1.2.3.1-4.2mdv2007.1.i586.rpm

ce55d1111f656b8e5b2e6a985604104b 2007.1/i586/mono-locale-extras-1.2.3.1-4.2mdv2007.1.i586.rpm

230155cb67b8e86c29069fce862c21ce 2007.1/i586/mono-nunit-1.2.3.1-4.2mdv2007.1.i586.rpm

51e6a81000c3c1b912ed48fe0fd02d0b 2007.1/i586/mono-web-1.2.3.1-4.2mdv2007.1.i586.rpm

82e603977eeb1c1b4a0fe1f1fbb4b895 2007.1/i586/mono-winforms-1.2.3.1-4.2mdv2007.1.i586.rpm

44c5527b4696108d04a11dc21867140b 2007.1/SRPMS/mono-1.2.3.1-4.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:

61204f9f669c4ea0585f352b058211d1 2007.1/x86_64/jay-1.2.3.1-4.2mdv2007.1.x86_64.rpm

21ab48222f9a4c929e7344b2c869e351 2007.1/x86_64/lib64mono0-1.2.3.1-4.2mdv2007.1.x86_64.rpm

515be0e0ca293391af8f76655ea97446 2007.1/x86_64/lib64mono0-devel-1.2.3.1-4.2mdv2007.1.x86_64.rpm

cfa21e3aed6192000e19ff4523cca043 2007.1/x86_64/mono-1.2.3.1-4.2mdv2007.1.x86_64.rpm

f91dcc299003ce78dbbd3f9e9b7d86ed 2007.1/x86_64/mono-bytefx-data-mysql-1.2.3.1-4.2mdv2007.1.x86_64.rpm

72238f1d1a71022f8cb28f515ed4b640 2007.1/x86_64/mono-data-1.2.3.1-4.2mdv2007.1.x86_64.rpm

00078841edbd27e68c261745a34188b3 2007.1/x86_64/mono-data-firebird-1.2.3.1-4.2mdv2007.1.x86_64.rpm

523c29691a8a279bf0d7d4536d5a3abb 2007.1/x86_64/mono-data-oracle-1.2.3.1-4.2mdv2007.1.x86_64.rpm

9b6a658fc9b121a6ea1d437f83d2a850 2007.1/x86_64/mono-data-postgresql-1.2.3.1-4.2mdv2007.1.x86_64.rpm

0dfde2a38caf1d5c27b1b3a25b409f6b 2007.1/x86_64/mono-data-sqlite-1.2.3.1-4.2mdv2007.1.x86_64.rpm

90225a6ea8da883c0baae11ba9c6e78f 2007.1/x86_64/mono-data-sybase-1.2.3.1-4.2mdv2007.1.x86_64.rpm

bc71d8a12be676d91265cc7df7248ecd 2007.1/x86_64/mono-doc-1.2.3.1-4.2mdv2007.1.x86_64.rpm

b54455349e3445e00087526417254abf 2007.1/x86_64/mono-extras-1.2.3.1-4.2mdv2007.1.x86_64.rpm

d39cf678f1e9308519a1636f7ea92f1f 2007.1/x86_64/mono-ibm-data-db2-1.2.3.1-4.2mdv2007.1.x86_64.rpm

40a47b86f9147c4d29349c0e4f11c9cd 2007.1/x86_64/mono-jscript-1.2.3.1-4.2mdv2007.1.x86_64.rpm

d12d432fe87289ff96c09c2aad636b41 2007.1/x86_64/mono-locale-extras-1.2.3.1-4.2mdv2007.1.x86_64.rpm

a8d85b4b9459841b0e81745212f12c17 2007.1/x86_64/mono-nunit-1.2.3.1-4.2mdv2007.1.x86_64.rpm

3a6f55b9cc54633556ba587cab35c85c 2007.1/x86_64/mono-web-1.2.3.1-4.2mdv2007.1.x86_64.rpm

1f7a0a2e9820094dc620775734d5753a 2007.1/x86_64/mono-winforms-1.2.3.1-4.2mdv2007.1.x86_64.rpm

44c5527b4696108d04a11dc21867140b 2007.1/SRPMS/mono-1.2.3.1-4.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:

e440db67f8ec5d285a7e302f67c54602 2008.0/i586/jay-1.2.5-4.2mdv2008.0.i586.rpm

0e6b2a56bf2afa7e7efe9d2b81a4b1e7 2008.0/i586/libmono0-1.2.5-4.2mdv2008.0.i586.rpm

2e3bedd273b74ef985f0664c3fe41091 2008.0/i586/libmono-devel-1.2.5-4.2mdv2008.0.i586.rpm

dc7843f9b8449c0284b710772a42b79d 2008.0/i586/mono-1.2.5-4.2mdv2008.0.i586.rpm

c61c9a71127ce59ed0c3258644a6c054 2008.0/i586/mono-bytefx-data-mysql-1.2.5-4.2mdv2008.0.i586.rpm

b7df0cbe0dd9d06493f560ed42e9c5c5 2008.0/i586/mono-data-1.2.5-4.2mdv2008.0.i586.rpm

92bf88ceb2f0682f8ab1c41aa9e29c48 2008.0/i586/mono-data-firebird-1.2.5-4.2mdv2008.0.i586.rpm

0f237a9773c57876762c4008c667f5ae 2008.0/i586/mono-data-oracle-1.2.5-4.2mdv2008.0.i586.rpm

e47ac96e6ff386dc0c9ea6813bcc8e86 2008.0/i586/mono-data-postgresql-1.2.5-4.2mdv2008.0.i586.rpm

b5e211ed04aa0fe9d42319e62cd5ec16 2008.0/i586/mono-data-sqlite-1.2.5-4.2mdv2008.0.i586.rpm

afee74831573c3a011fc75189000e40b 2008.0/i586/mono-data-sybase-1.2.5-4.2mdv2008.0.i586.rpm

8b9444c3357dbeaf9e01759bb540af13 2008.0/i586/mono-doc-1.2.5-4.2mdv2008.0.i586.rpm

2b13edcb7a0faf24eb476e040abdcf89 2008.0/i586/mono-extras-1.2.5-4.2mdv2008.0.i586.rpm

c9afd81fbd68b3af35d59e0029b05a18 2008.0/i586/mono-ibm-data-db2-1.2.5-4.2mdv2008.0.i586.rpm

844c2c859538f6097ffacc2185112aa7 2008.0/i586/mono-jscript-1.2.5-4.2mdv2008.0.i586.rpm

39b14d20448512d84853abd3816f2b00 2008.0/i586/mono-locale-extras-1.2.5-4.2mdv2008.0.i586.rpm

1db3fc6392a7027e4f906120eff6c5f4 2008.0/i586/mono-nunit-1.2.5-4.2mdv2008.0.i586.rpm

b9ab59d2f6d7bb88aec28cfd58f4a3e1 2008.0/i586/mono-web-1.2.5-4.2mdv2008.0.i586.rpm

c3ca573bd2df5045e158edeee7100ac1 2008.0/i586/mono-winforms-1.2.5-4.2mdv2008.0.i586.rpm

5774758e02d44a1e25954a282dcec114 2008.0/SRPMS/mono-1.2.5-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:

887d7492f9d184d321e2b50078a2960b 2008.0/x86_64/jay-1.2.5-4.2mdv2008.0.x86_64.rpm

fe81bf7e97b92e0e7df76e53a553d677 2008.0/x86_64/lib64mono0-1.2.5-4.2mdv2008.0.x86_64.rpm

db16848f3751a405c858b95252b2bf30 2008.0/x86_64/lib64mono-devel-1.2.5-4.2mdv2008.0.x86_64.rpm

820045515f0cda949c6c47728963f6e5 2008.0/x86_64/mono-1.2.5-4.2mdv2008.0.x86_64.rpm

e292ceaa2e468e15671796c226f7180a 2008.0/x86_64/mono-bytefx-data-mysql-1.2.5-4.2mdv2008.0.x86_64.rpm

ea7ba847015e1990a3bf4d2317084191 2008.0/x86_64/mono-data-1.2.5-4.2mdv2008.0.x86_64.rpm

9166aecd5a003a46b4b231f239d288fa 2008.0/x86_64/mono-data-firebird-1.2.5-4.2mdv2008.0.x86_64.rpm

b899d6863e2f26a66720f5044524ed3d 2008.0/x86_64/mono-data-oracle-1.2.5-4.2mdv2008.0.x86_64.rpm

8772d8ffa4f1f28f7c93d80dbe5ef295 2008.0/x86_64/mono-data-postgresql-1.2.5-4.2mdv2008.0.x86_64.rpm

4af23a4d43ea4ec9b2c1082775ead565 2008.0/x86_64/mono-data-sqlite-1.2.5-4.2mdv2008.0.x86_64.rpm

a294cd3e480c06bde1d3a89afae9dc46 2008.0/x86_64/mono-data-sybase-1.2.5-4.2mdv2008.0.x86_64.rpm

a43f6184f2cd50fab287d940bee99341 2008.0/x86_64/mono-doc-1.2.5-4.2mdv2008.0.x86_64.rpm

8df7250391e48bc12134dd92aaee3f2a 2008.0/x86_64/mono-extras-1.2.5-4.2mdv2008.0.x86_64.rpm

48f3c83b2cfd25354211ecf5080b3f52 2008.0/x86_64/mono-ibm-data-db2-1.2.5-4.2mdv2008.0.x86_64.rpm

f1d2bd1f6b7884474697203d011b7f41 2008.0/x86_64/mono-jscript-1.2.5-4.2mdv2008.0.x86_64.rpm

3696ebc448c50f9003cba99d82b352bc 2008.0/x86_64/mono-locale-extras-1.2.5-4.2mdv2008.0.x86_64.rpm

7b6f80e0648df7063a58a970d458d1af 2008.0/x86_64/mono-nunit-1.2.5-4.2mdv2008.0.x86_64.rpm

53ea6788122b45c2ecd03973424fde8b 2008.0/x86_64/mono-web-1.2.5-4.2mdv2008.0.x86_64.rpm

d57531d94f57264f635b4ece3d415798 2008.0/x86_64/mono-winforms-1.2.5-4.2mdv2008.0.x86_64.rpm

5774758e02d44a1e25954a282dcec114 2008.0/SRPMS/mono-1.2.5-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:

c2a6a54629cda03a711b15d956ad48f1 2008.1/i586/jay-1.2.6-4.1mdv2008.1.i586.rpm

b2cdd14102b90342d3abc389ba3610b8 2008.1/i586/libmono0-1.2.6-4.1mdv2008.1.i586.rpm

45abeafb948f63b555399292ac1c155c 2008.1/i586/libmono-devel-1.2.6-4.1mdv2008.1.i586.rpm

5163daca32007961de96a4aed0ee3576 2008.1/i586/mono-1.2.6-4.1mdv2008.1.i586.rpm

b269506c27ed8b7a01ea6fd04aa68b2c 2008.1/i586/mono-bytefx-data-mysql-1.2.6-4.1mdv2008.1.i586.rpm

3763c1004ab62d125ae2e656e8e3bead 2008.1/i586/mono-data-1.2.6-4.1mdv2008.1.i586.rpm

706a44056e1498be81465db9d9ab1930 2008.1/i586/mono-data-firebird-1.2.6-4.1mdv2008.1.i586.rpm

3cea1df02c8ecf3a6318a91fd93a8df4 2008.1/i586/mono-data-oracle-1.2.6-4.1mdv2008.1.i586.rpm

752d16b45dc2a423a43b0c6e98262f5c 2008.1/i586/mono-data-postgresql-1.2.6-4.1mdv2008.1.i586.rpm

3f426b28984451a81be9bdbc16731c11 2008.1/i586/mono-data-sqlite-1.2.6-4.1mdv2008.1.i586.rpm

79a222d28afb85666b66b16656b6db01 2008.1/i586/mono-data-sybase-1.2.6-4.1mdv2008.1.i586.rpm

45eae87984a073a7b8dfa059857994c6 2008.1/i586/mono-doc-1.2.6-4.1mdv2008.1.i586.rpm

99ebd7c0ff7bae26c203444a3006b1ae 2008.1/i586/mono-extras-1.2.6-4.1mdv2008.1.i586.rpm

fc6467c8bf378553c1ce1212cdf862e6 2008.1/i586/mono-ibm-data-db2-1.2.6-4.1mdv2008.1.i586.rpm

7c5bd0f7060fb7e8584949be3b02e48e 2008.1/i586/mono-jscript-1.2.6-4.1mdv2008.1.i586.rpm

d8924d716ea0ca0b0d4cdbfd8716c8a7 2008.1/i586/mono-locale-extras-1.2.6-4.1mdv2008.1.i586.rpm

d9066626a5d602a21e0e83743cbba98f 2008.1/i586/mono-nunit-1.2.6-4.1mdv2008.1.i586.rpm

508f141816c872cbfb2ba33d2333c20d 2008.1/i586/mono-web-1.2.6-4.1mdv2008.1.i586.rpm

fe6afbabdedd6bed5b6787fd32e555cf 2008.1/i586/mono-winforms-1.2.6-4.1mdv2008.1.i586.rpm

ec2b756483755c770a038a89fa2b4558 2008.1/SRPMS/mono-1.2.6-4.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:

38159f51314a664bda8be4d5ac78c838 2008.1/x86_64/jay-1.2.6-4.1mdv2008.1.x86_64.rpm

3867b5b1c6b833aef4a3200025c11698 2008.1/x86_64/lib64mono0-1.2.6-4.1mdv2008.1.x86_64.rpm

9b34901a35a959f92c7ccf41dc622e7d 2008.1/x86_64/lib64mono-devel-1.2.6-4.1mdv2008.1.x86_64.rpm

f58d94a88270d64ab65518487ade64c1 2008.1/x86_64/mono-1.2.6-4.1mdv2008.1.x86_64.rpm

6c2b4395b61edf9e90947f8b31df174a 2008.1/x86_64/mono-bytefx-data-mysql-1.2.6-4.1mdv2008.1.x86_64.rpm

bc13ae1bf13544a69c6d4c65571fc6c1 2008.1/x86_64/mono-data-1.2.6-4.1mdv2008.1.x86_64.rpm

2ff830e90768927b2313fca1bd2e3867 2008.1/x86_64/mono-data-firebird-1.2.6-4.1mdv2008.1.x86_64.rpm

5670152b5beb3d7df66b992b6129cf78 2008.1/x86_64/mono-data-oracle-1.2.6-4.1mdv2008.1.x86_64.rpm

5d35833bc95cba9bc9e6612545f3d5ef 2008.1/x86_64/mono-data-postgresql-1.2.6-4.1mdv2008.1.x86_64.rpm

c928b1106a8549f390921be5586bb8d3 2008.1/x86_64/mono-data-sqlite-1.2.6-4.1mdv2008.1.x86_64.rpm

c73fe1acfe6bad1464ded4d0ec07d0ab 2008.1/x86_64/mono-data-sybase-1.2.6-4.1mdv2008.1.x86_64.rpm

71ede1c3f537727f9bed64bf907d505d 2008.1/x86_64/mono-doc-1.2.6-4.1mdv2008.1.x86_64.rpm

13bc42bb77fb01c5472f9346959a54fc 2008.1/x86_64/mono-extras-1.2.6-4.1mdv2008.1.x86_64.rpm

324d7824f09943da2782d8e9882556a2 2008.1/x86_64/mono-ibm-data-db2-1.2.6-4.1mdv2008.1.x86_64.rpm

178b5f1897be0b1a8345f6f789c5d114 2008.1/x86_64/mono-jscript-1.2.6-4.1mdv2008.1.x86_64.rpm

24bcfc417441e037bb3699c15f6138d0 2008.1/x86_64/mono-locale-extras-1.2.6-4.1mdv2008.1.x86_64.rpm

78856fb36cc4ba34f2f1a5866f4d8286 2008.1/x86_64/mono-nunit-1.2.6-4.1mdv2008.1.x86_64.rpm

a0565351873bddd9d211a98d1467f055 2008.1/x86_64/mono-web-1.2.6-4.1mdv2008.1.x86_64.rpm

00ae4d7f9547719004cd18269f656fa2 2008.1/x86_64/mono-winforms-1.2.6-4.1mdv2008.1.x86_64.rpm

ec2b756483755c770a038a89fa2b4558 2008.1/SRPMS/mono-1.2.6-4.1mdv2008.1.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI5ohPmqjQ0CJFipgRAjYIAKCzXMe3gTau6/loKPvYMIe5OL93WACg7uz+

eS11qH2o6fIDbh/ulAFmrpg=

=McWr

-----END PGP SIGNATURE-----

------------=_1223079313-14940-16

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1223079313-14940-16--

Sign In

[Security Announce] [ MDVSA-2008:210 ] mono

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity