Ubuntu 14.04 LTS USN-2547-1 Critical Mono TLS Security Update
Mar 24, 2015
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Several security issues were fixed in Mono.
=========================================================================Ubuntu Security Notice USN-2547-1 March 24, 2015 mono vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Mono. Software Description: - mono: Mono is a platform for running and developing applications Details: It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319) It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320) It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992) It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libmono-2.0-1 3.2.8+dfsg-4ubuntu2.1 mono-runtime 3.2.8+dfsg-4ubuntu2.1 Ubuntu 14.04 LTS: libmono-2.0-1 3.2.8+dfsg-4ubuntu1.1 mono-runtime 3.2.8+dfsg-4ubuntu1.1 Ubuntu 12.04 LTS: libmono-2.0-1 2.10.8.1-1ubuntu2.3 mono-runtime 2.10.8.1-1ubuntu2.3 After a standard system update you need to restart Mono applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2547-1 CVE-2011-0992, CVE-2012-3543, CVE-2015-2318, CVE-2015-2319, CVE-2015-2320 Package Information: https://launchpad.net/ubuntu/+source/mono/3.2.8+dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/mono/3.2.8+dfsg-4ubuntu1.1 https://launchpad.net/ubuntu/+source/mono/2.10.8.1-1ubuntu2.3
PREVIOUS
NEXT
Ubuntu 14.04 LTS USN-2547-1 Critical Mono TLS Security Update
ubuntu
March 24, 2015
Several security issues were fixed in Mono.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libmono-2.0-1 3.2.8+dfsg-4ubuntu2.1 mono-runtime 3.2.8+dfsg-4ubuntu2.1 Ubuntu 14.04 LTS: libmono-2.0-1 3.2.8+dfsg-4ubuntu1.1 mono-runtime 3.2.8+dfsg-4ubuntu1.1 Ubuntu 12.04 LTS: libmono-2.0-1 2.10.8.1-1ubuntu2.3 mono-runtime 2.10.8.1-1ubuntu2.3 After a standard system update you need to restart Mono applications to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2547-1
CVE-2011-0992, CVE-2012-3543, CVE-2015-2318, CVE-2015-2319,
CVE-2015-2320
Severity
critical
Lowest
Low
Medium
High
Critical
March 24, 2015
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/mono/3.2.8+dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/mono/3.2.8+dfsg-4ubuntu1.1 https://launchpad.net/ubuntu/+source/mono/2.10.8.1-1ubuntu2.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!