Login
Newsletter
Werbung

Sicherheit: Mangelnde Eingabeprüfung in mono
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in mono
ID: MDVSA-2008:210
Distribution: Mandriva
Plattformen: Mandriva 2007.1, Mandriva 2008.0, Mandriva 2008.1
Datum: Sa, 4. Oktober 2008, 02:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906
Applikationen: Mono

Originalnachricht

This is a multi-part message in MIME format...

------------=_1223079313-14940-16


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:210
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mono
Date : October 3, 2008
Affected: 2007.1, 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via CRLF sequences in the query string.

The updated packages have been patched to fix the issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
33213a75545728ba80dabc78854376aa
2007.1/i586/jay-1.2.3.1-4.2mdv2007.1.i586.rpm
2879f218520f88400db457f3696fa752
2007.1/i586/libmono0-1.2.3.1-4.2mdv2007.1.i586.rpm
da6ba149545134c7f551afd5a3822fce
2007.1/i586/libmono0-devel-1.2.3.1-4.2mdv2007.1.i586.rpm
7cc6408f71a5d1b78434fd688172bfab
2007.1/i586/mono-1.2.3.1-4.2mdv2007.1.i586.rpm
c6b9d4e73ee8a80efef6ab3722b39512
2007.1/i586/mono-bytefx-data-mysql-1.2.3.1-4.2mdv2007.1.i586.rpm
d7c43bee87f7eec42fb1d5a04b5f4b91
2007.1/i586/mono-data-1.2.3.1-4.2mdv2007.1.i586.rpm
02c86ffbd50722810e3fe0d52ef71f12
2007.1/i586/mono-data-firebird-1.2.3.1-4.2mdv2007.1.i586.rpm
fd99fa689b0bd8b5f182c438fb176ea8
2007.1/i586/mono-data-oracle-1.2.3.1-4.2mdv2007.1.i586.rpm
dc767934e9c968aa2c8c04dac55f028d
2007.1/i586/mono-data-postgresql-1.2.3.1-4.2mdv2007.1.i586.rpm
ec8bf1ec89443da0b08adcbc8b276eaf
2007.1/i586/mono-data-sqlite-1.2.3.1-4.2mdv2007.1.i586.rpm
2a24841df688f5d547e105c6e1789e7f
2007.1/i586/mono-data-sybase-1.2.3.1-4.2mdv2007.1.i586.rpm
c40e6ee882c2da9afa9a2497f9c7cc4f
2007.1/i586/mono-doc-1.2.3.1-4.2mdv2007.1.i586.rpm
5f9531eed6e615513d3f50f9b9b18fa6
2007.1/i586/mono-extras-1.2.3.1-4.2mdv2007.1.i586.rpm
7d54fa08d53d55b11a22b1950e100b4d
2007.1/i586/mono-ibm-data-db2-1.2.3.1-4.2mdv2007.1.i586.rpm
6191d7249a7e53719df10a62ee2feb29
2007.1/i586/mono-jscript-1.2.3.1-4.2mdv2007.1.i586.rpm
ce55d1111f656b8e5b2e6a985604104b
2007.1/i586/mono-locale-extras-1.2.3.1-4.2mdv2007.1.i586.rpm
230155cb67b8e86c29069fce862c21ce
2007.1/i586/mono-nunit-1.2.3.1-4.2mdv2007.1.i586.rpm
51e6a81000c3c1b912ed48fe0fd02d0b
2007.1/i586/mono-web-1.2.3.1-4.2mdv2007.1.i586.rpm
82e603977eeb1c1b4a0fe1f1fbb4b895
2007.1/i586/mono-winforms-1.2.3.1-4.2mdv2007.1.i586.rpm
44c5527b4696108d04a11dc21867140b
2007.1/SRPMS/mono-1.2.3.1-4.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
61204f9f669c4ea0585f352b058211d1
2007.1/x86_64/jay-1.2.3.1-4.2mdv2007.1.x86_64.rpm
21ab48222f9a4c929e7344b2c869e351
2007.1/x86_64/lib64mono0-1.2.3.1-4.2mdv2007.1.x86_64.rpm
515be0e0ca293391af8f76655ea97446
2007.1/x86_64/lib64mono0-devel-1.2.3.1-4.2mdv2007.1.x86_64.rpm
cfa21e3aed6192000e19ff4523cca043
2007.1/x86_64/mono-1.2.3.1-4.2mdv2007.1.x86_64.rpm
f91dcc299003ce78dbbd3f9e9b7d86ed
2007.1/x86_64/mono-bytefx-data-mysql-1.2.3.1-4.2mdv2007.1.x86_64.rpm
72238f1d1a71022f8cb28f515ed4b640
2007.1/x86_64/mono-data-1.2.3.1-4.2mdv2007.1.x86_64.rpm
00078841edbd27e68c261745a34188b3
2007.1/x86_64/mono-data-firebird-1.2.3.1-4.2mdv2007.1.x86_64.rpm
523c29691a8a279bf0d7d4536d5a3abb
2007.1/x86_64/mono-data-oracle-1.2.3.1-4.2mdv2007.1.x86_64.rpm
9b6a658fc9b121a6ea1d437f83d2a850
2007.1/x86_64/mono-data-postgresql-1.2.3.1-4.2mdv2007.1.x86_64.rpm
0dfde2a38caf1d5c27b1b3a25b409f6b
2007.1/x86_64/mono-data-sqlite-1.2.3.1-4.2mdv2007.1.x86_64.rpm
90225a6ea8da883c0baae11ba9c6e78f
2007.1/x86_64/mono-data-sybase-1.2.3.1-4.2mdv2007.1.x86_64.rpm
bc71d8a12be676d91265cc7df7248ecd
2007.1/x86_64/mono-doc-1.2.3.1-4.2mdv2007.1.x86_64.rpm
b54455349e3445e00087526417254abf
2007.1/x86_64/mono-extras-1.2.3.1-4.2mdv2007.1.x86_64.rpm
d39cf678f1e9308519a1636f7ea92f1f
2007.1/x86_64/mono-ibm-data-db2-1.2.3.1-4.2mdv2007.1.x86_64.rpm
40a47b86f9147c4d29349c0e4f11c9cd
2007.1/x86_64/mono-jscript-1.2.3.1-4.2mdv2007.1.x86_64.rpm
d12d432fe87289ff96c09c2aad636b41
2007.1/x86_64/mono-locale-extras-1.2.3.1-4.2mdv2007.1.x86_64.rpm
a8d85b4b9459841b0e81745212f12c17
2007.1/x86_64/mono-nunit-1.2.3.1-4.2mdv2007.1.x86_64.rpm
3a6f55b9cc54633556ba587cab35c85c
2007.1/x86_64/mono-web-1.2.3.1-4.2mdv2007.1.x86_64.rpm
1f7a0a2e9820094dc620775734d5753a
2007.1/x86_64/mono-winforms-1.2.3.1-4.2mdv2007.1.x86_64.rpm
44c5527b4696108d04a11dc21867140b
2007.1/SRPMS/mono-1.2.3.1-4.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e440db67f8ec5d285a7e302f67c54602 2008.0/i586/jay-1.2.5-4.2mdv2008.0.i586.rpm
0e6b2a56bf2afa7e7efe9d2b81a4b1e7
2008.0/i586/libmono0-1.2.5-4.2mdv2008.0.i586.rpm
2e3bedd273b74ef985f0664c3fe41091
2008.0/i586/libmono-devel-1.2.5-4.2mdv2008.0.i586.rpm
dc7843f9b8449c0284b710772a42b79d 2008.0/i586/mono-1.2.5-4.2mdv2008.0.i586.rpm
c61c9a71127ce59ed0c3258644a6c054
2008.0/i586/mono-bytefx-data-mysql-1.2.5-4.2mdv2008.0.i586.rpm
b7df0cbe0dd9d06493f560ed42e9c5c5
2008.0/i586/mono-data-1.2.5-4.2mdv2008.0.i586.rpm
92bf88ceb2f0682f8ab1c41aa9e29c48
2008.0/i586/mono-data-firebird-1.2.5-4.2mdv2008.0.i586.rpm
0f237a9773c57876762c4008c667f5ae
2008.0/i586/mono-data-oracle-1.2.5-4.2mdv2008.0.i586.rpm
e47ac96e6ff386dc0c9ea6813bcc8e86
2008.0/i586/mono-data-postgresql-1.2.5-4.2mdv2008.0.i586.rpm
b5e211ed04aa0fe9d42319e62cd5ec16
2008.0/i586/mono-data-sqlite-1.2.5-4.2mdv2008.0.i586.rpm
afee74831573c3a011fc75189000e40b
2008.0/i586/mono-data-sybase-1.2.5-4.2mdv2008.0.i586.rpm
8b9444c3357dbeaf9e01759bb540af13
2008.0/i586/mono-doc-1.2.5-4.2mdv2008.0.i586.rpm
2b13edcb7a0faf24eb476e040abdcf89
2008.0/i586/mono-extras-1.2.5-4.2mdv2008.0.i586.rpm
c9afd81fbd68b3af35d59e0029b05a18
2008.0/i586/mono-ibm-data-db2-1.2.5-4.2mdv2008.0.i586.rpm
844c2c859538f6097ffacc2185112aa7
2008.0/i586/mono-jscript-1.2.5-4.2mdv2008.0.i586.rpm
39b14d20448512d84853abd3816f2b00
2008.0/i586/mono-locale-extras-1.2.5-4.2mdv2008.0.i586.rpm
1db3fc6392a7027e4f906120eff6c5f4
2008.0/i586/mono-nunit-1.2.5-4.2mdv2008.0.i586.rpm
b9ab59d2f6d7bb88aec28cfd58f4a3e1
2008.0/i586/mono-web-1.2.5-4.2mdv2008.0.i586.rpm
c3ca573bd2df5045e158edeee7100ac1
2008.0/i586/mono-winforms-1.2.5-4.2mdv2008.0.i586.rpm
5774758e02d44a1e25954a282dcec114 2008.0/SRPMS/mono-1.2.5-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
887d7492f9d184d321e2b50078a2960b
2008.0/x86_64/jay-1.2.5-4.2mdv2008.0.x86_64.rpm
fe81bf7e97b92e0e7df76e53a553d677
2008.0/x86_64/lib64mono0-1.2.5-4.2mdv2008.0.x86_64.rpm
db16848f3751a405c858b95252b2bf30
2008.0/x86_64/lib64mono-devel-1.2.5-4.2mdv2008.0.x86_64.rpm
820045515f0cda949c6c47728963f6e5
2008.0/x86_64/mono-1.2.5-4.2mdv2008.0.x86_64.rpm
e292ceaa2e468e15671796c226f7180a
2008.0/x86_64/mono-bytefx-data-mysql-1.2.5-4.2mdv2008.0.x86_64.rpm
ea7ba847015e1990a3bf4d2317084191
2008.0/x86_64/mono-data-1.2.5-4.2mdv2008.0.x86_64.rpm
9166aecd5a003a46b4b231f239d288fa
2008.0/x86_64/mono-data-firebird-1.2.5-4.2mdv2008.0.x86_64.rpm
b899d6863e2f26a66720f5044524ed3d
2008.0/x86_64/mono-data-oracle-1.2.5-4.2mdv2008.0.x86_64.rpm
8772d8ffa4f1f28f7c93d80dbe5ef295
2008.0/x86_64/mono-data-postgresql-1.2.5-4.2mdv2008.0.x86_64.rpm
4af23a4d43ea4ec9b2c1082775ead565
2008.0/x86_64/mono-data-sqlite-1.2.5-4.2mdv2008.0.x86_64.rpm
a294cd3e480c06bde1d3a89afae9dc46
2008.0/x86_64/mono-data-sybase-1.2.5-4.2mdv2008.0.x86_64.rpm
a43f6184f2cd50fab287d940bee99341
2008.0/x86_64/mono-doc-1.2.5-4.2mdv2008.0.x86_64.rpm
8df7250391e48bc12134dd92aaee3f2a
2008.0/x86_64/mono-extras-1.2.5-4.2mdv2008.0.x86_64.rpm
48f3c83b2cfd25354211ecf5080b3f52
2008.0/x86_64/mono-ibm-data-db2-1.2.5-4.2mdv2008.0.x86_64.rpm
f1d2bd1f6b7884474697203d011b7f41
2008.0/x86_64/mono-jscript-1.2.5-4.2mdv2008.0.x86_64.rpm
3696ebc448c50f9003cba99d82b352bc
2008.0/x86_64/mono-locale-extras-1.2.5-4.2mdv2008.0.x86_64.rpm
7b6f80e0648df7063a58a970d458d1af
2008.0/x86_64/mono-nunit-1.2.5-4.2mdv2008.0.x86_64.rpm
53ea6788122b45c2ecd03973424fde8b
2008.0/x86_64/mono-web-1.2.5-4.2mdv2008.0.x86_64.rpm
d57531d94f57264f635b4ece3d415798
2008.0/x86_64/mono-winforms-1.2.5-4.2mdv2008.0.x86_64.rpm
5774758e02d44a1e25954a282dcec114 2008.0/SRPMS/mono-1.2.5-4.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
c2a6a54629cda03a711b15d956ad48f1 2008.1/i586/jay-1.2.6-4.1mdv2008.1.i586.rpm
b2cdd14102b90342d3abc389ba3610b8
2008.1/i586/libmono0-1.2.6-4.1mdv2008.1.i586.rpm
45abeafb948f63b555399292ac1c155c
2008.1/i586/libmono-devel-1.2.6-4.1mdv2008.1.i586.rpm
5163daca32007961de96a4aed0ee3576 2008.1/i586/mono-1.2.6-4.1mdv2008.1.i586.rpm
b269506c27ed8b7a01ea6fd04aa68b2c
2008.1/i586/mono-bytefx-data-mysql-1.2.6-4.1mdv2008.1.i586.rpm
3763c1004ab62d125ae2e656e8e3bead
2008.1/i586/mono-data-1.2.6-4.1mdv2008.1.i586.rpm
706a44056e1498be81465db9d9ab1930
2008.1/i586/mono-data-firebird-1.2.6-4.1mdv2008.1.i586.rpm
3cea1df02c8ecf3a6318a91fd93a8df4
2008.1/i586/mono-data-oracle-1.2.6-4.1mdv2008.1.i586.rpm
752d16b45dc2a423a43b0c6e98262f5c
2008.1/i586/mono-data-postgresql-1.2.6-4.1mdv2008.1.i586.rpm
3f426b28984451a81be9bdbc16731c11
2008.1/i586/mono-data-sqlite-1.2.6-4.1mdv2008.1.i586.rpm
79a222d28afb85666b66b16656b6db01
2008.1/i586/mono-data-sybase-1.2.6-4.1mdv2008.1.i586.rpm
45eae87984a073a7b8dfa059857994c6
2008.1/i586/mono-doc-1.2.6-4.1mdv2008.1.i586.rpm
99ebd7c0ff7bae26c203444a3006b1ae
2008.1/i586/mono-extras-1.2.6-4.1mdv2008.1.i586.rpm
fc6467c8bf378553c1ce1212cdf862e6
2008.1/i586/mono-ibm-data-db2-1.2.6-4.1mdv2008.1.i586.rpm
7c5bd0f7060fb7e8584949be3b02e48e
2008.1/i586/mono-jscript-1.2.6-4.1mdv2008.1.i586.rpm
d8924d716ea0ca0b0d4cdbfd8716c8a7
2008.1/i586/mono-locale-extras-1.2.6-4.1mdv2008.1.i586.rpm
d9066626a5d602a21e0e83743cbba98f
2008.1/i586/mono-nunit-1.2.6-4.1mdv2008.1.i586.rpm
508f141816c872cbfb2ba33d2333c20d
2008.1/i586/mono-web-1.2.6-4.1mdv2008.1.i586.rpm
fe6afbabdedd6bed5b6787fd32e555cf
2008.1/i586/mono-winforms-1.2.6-4.1mdv2008.1.i586.rpm
ec2b756483755c770a038a89fa2b4558 2008.1/SRPMS/mono-1.2.6-4.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
38159f51314a664bda8be4d5ac78c838
2008.1/x86_64/jay-1.2.6-4.1mdv2008.1.x86_64.rpm
3867b5b1c6b833aef4a3200025c11698
2008.1/x86_64/lib64mono0-1.2.6-4.1mdv2008.1.x86_64.rpm
9b34901a35a959f92c7ccf41dc622e7d
2008.1/x86_64/lib64mono-devel-1.2.6-4.1mdv2008.1.x86_64.rpm
f58d94a88270d64ab65518487ade64c1
2008.1/x86_64/mono-1.2.6-4.1mdv2008.1.x86_64.rpm
6c2b4395b61edf9e90947f8b31df174a
2008.1/x86_64/mono-bytefx-data-mysql-1.2.6-4.1mdv2008.1.x86_64.rpm
bc13ae1bf13544a69c6d4c65571fc6c1
2008.1/x86_64/mono-data-1.2.6-4.1mdv2008.1.x86_64.rpm
2ff830e90768927b2313fca1bd2e3867
2008.1/x86_64/mono-data-firebird-1.2.6-4.1mdv2008.1.x86_64.rpm
5670152b5beb3d7df66b992b6129cf78
2008.1/x86_64/mono-data-oracle-1.2.6-4.1mdv2008.1.x86_64.rpm
5d35833bc95cba9bc9e6612545f3d5ef
2008.1/x86_64/mono-data-postgresql-1.2.6-4.1mdv2008.1.x86_64.rpm
c928b1106a8549f390921be5586bb8d3
2008.1/x86_64/mono-data-sqlite-1.2.6-4.1mdv2008.1.x86_64.rpm
c73fe1acfe6bad1464ded4d0ec07d0ab
2008.1/x86_64/mono-data-sybase-1.2.6-4.1mdv2008.1.x86_64.rpm
71ede1c3f537727f9bed64bf907d505d
2008.1/x86_64/mono-doc-1.2.6-4.1mdv2008.1.x86_64.rpm
13bc42bb77fb01c5472f9346959a54fc
2008.1/x86_64/mono-extras-1.2.6-4.1mdv2008.1.x86_64.rpm
324d7824f09943da2782d8e9882556a2
2008.1/x86_64/mono-ibm-data-db2-1.2.6-4.1mdv2008.1.x86_64.rpm
178b5f1897be0b1a8345f6f789c5d114
2008.1/x86_64/mono-jscript-1.2.6-4.1mdv2008.1.x86_64.rpm
24bcfc417441e037bb3699c15f6138d0
2008.1/x86_64/mono-locale-extras-1.2.6-4.1mdv2008.1.x86_64.rpm
78856fb36cc4ba34f2f1a5866f4d8286
2008.1/x86_64/mono-nunit-1.2.6-4.1mdv2008.1.x86_64.rpm
a0565351873bddd9d211a98d1467f055
2008.1/x86_64/mono-web-1.2.6-4.1mdv2008.1.x86_64.rpm
00ae4d7f9547719004cd18269f656fa2
2008.1/x86_64/mono-winforms-1.2.6-4.1mdv2008.1.x86_64.rpm
ec2b756483755c770a038a89fa2b4558 2008.1/SRPMS/mono-1.2.6-4.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI5ohPmqjQ0CJFipgRAjYIAKCzXMe3gTau6/loKPvYMIe5OL93WACg7uz+
eS11qH2o6fIDbh/ulAFmrpg=
=McWr
-----END PGP SIGNATURE-----


------------=_1223079313-14940-16
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1223079313-14940-16--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung