Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 14.04 LTS USN-2547-1 Critical Mono TLS Security Update

ubuntu
Calendar Grey March 24, 2015
Dist Ubuntu Esm H88
Several vulnerabilities in Mono have been addressed for Ubuntu versions 14.10, 14.04 LTS, and 12.04 LTS. Ensure your system is up-to-date to maintain security.
Several security issues were fixed in Mono.

Summary

Several security issues were fixed in Mono.

Software Description:

- mono: Mono is a platform for running and developing applications

Details:

It was discovered that the Mono TLS implementation was vulnerable to the

SKIP-TLS vulnerability. A remote attacker could possibly use this issue

to perform client impersonation attacks. (CVE-2015-2318)

It was discovered that the Mono TLS implementation was vulnerable to the

FREAK vulnerability. A remote attacker or a man in the middle could

possibly use this issue to force the use of insecure ciphersuites.

(CVE-2015-2319)

It was discovered that the Mono TLS implementation still supported a

fallback to SSLv2. This update removes the functionality as use of SSLv2 is

known to be insecure. (CVE-2015-2320)

It was discovered that Mono incorrectly handled memory in certain

circumstances. A remote attacker could possibly use this issue to cause

Mono to crash, resulting in a denial of service, or to obtain sensitive

infor...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libmono-2.0-1                   3.2.8+dfsg-4ubuntu2.1
  mono-runtime                    3.2.8+dfsg-4ubuntu2.1

Ubuntu 14.04 LTS:
  libmono-2.0-1                   3.2.8+dfsg-4ubuntu1.1
  mono-runtime                    3.2.8+dfsg-4ubuntu1.1

Ubuntu 12.04 LTS:
  libmono-2.0-1                   2.10.8.1-1ubuntu2.3
  mono-runtime                    2.10.8.1-1ubuntu2.3

After a standard system update you need to restart Mono applications to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2547-1

CVE-2011-0992, CVE-2012-3543, CVE-2015-2318, CVE-2015-2319,

CVE-2015-2320

Severity
critical
Lowest
Low
Medium
High
Critical

March 24, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.