Ubuntu 12.04 LTS: USN-1517-1 Moderate: Mono Information Exposure Issue
Jul 25, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Mono could be made to expose sensitive information over the network.
=========================================================================Ubuntu Security Notice USN-1517-1 July 25, 2012 mono vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Mono could be made to expose sensitive information over the network. Software Description: - mono: Mono is a platform for running and developing applications Details: It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382) It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1459) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libmono-system-web2.0-cil 2.10.8.1-1ubuntu2.2 libmono-system-web4.0-cil 2.10.8.1-1ubuntu2.2 Ubuntu 11.10: libmono-system-web2.0-cil 2.10.5-1ubuntu0.1 libmono-system-web4.0-cil 2.10.5-1ubuntu0.1 Ubuntu 11.04: libmono-system-web1.0-cil 2.6.7-5ubuntu3.1 libmono-system-web2.0-cil 2.6.7-5ubuntu3.1 Ubuntu 10.04 LTS: libmono-system-web1.0-cil 2.4.4~svn151842-1ubuntu4.1 libmono-system-web2.0-cil 2.4.4~svn151842-1ubuntu4.1 After a standard system update you need to restart Mono applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1517-1 CVE-2010-1459, CVE-2012-3382 Package Information: https://launchpad.net/ubuntu/+source/mono/2.10.8.1-1ubuntu2.2 https://launchpad.net/ubuntu/+source/mono/2.10.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/mono/2.6.7-5ubuntu3.1 https://launchpad.net/ubuntu/+source/mono/2.4.4~svn151842-1ubuntu4.1
PREVIOUS
NEXT
Ubuntu 12.04 LTS: USN-1517-1 Moderate: Mono Information Exposure Issue
ubuntu
July 25, 2012
Mono could be made to expose sensitive information over the network.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libmono-system-web2.0-cil 2.10.8.1-1ubuntu2.2 libmono-system-web4.0-cil 2.10.8.1-1ubuntu2.2 Ubuntu 11.10: libmono-system-web2.0-cil 2.10.5-1ubuntu0.1 libmono-system-web4.0-cil 2.10.5-1ubuntu0.1 Ubuntu 11.04: libmono-system-web1.0-cil 2.6.7-5ubuntu3.1 libmono-system-web2.0-cil 2.6.7-5ubuntu3.1 Ubuntu 10.04 LTS: libmono-system-web1.0-cil 2.4.4~svn151842-1ubuntu4.1 libmono-system-web2.0-cil 2.4.4~svn151842-1ubuntu4.1 After a standard system update you need to restart Mono applications to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1517-1
CVE-2010-1459, CVE-2012-3382
July 25, 2012
Package Information
https://launchpad.net/ubuntu/+source/mono/2.10.8.1-1ubuntu2.2 https://launchpad.net/ubuntu/+source/mono/2.10.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/mono/2.6.7-5ubuntu3.1 https://launchpad.net/ubuntu/+source/mono/2.4.4~svn151842-1ubuntu4.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!