From Mageia wiki

MGASA-2012-0232

Date: August 23rd, 2012
Affected releases: 1


Description:
Updated mono packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in the ProcessRequest function
in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8
and earlier allows remote attackers to inject arbitrary web script or HTML
via a file with a crafted name and a forbidden extension, which is not
properly handled in an error message (CVE-2012-3382).
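
The bug class the description refers to, shown as an added example (it is not Mono's HttpForbiddenHandler.cs source or the actual patch): an error page that echoes the requested path has to HTML-encode it first. The class, method and template names and the sample path are assumptions made for illustration.

```csharp
using System;
using System.Net;

// Added illustration of the bug class described above.
// This is NOT the source of Mono's HttpForbiddenHandler.cs.
static class ForbiddenPageDemo
{
    const string Template =
        "<html><body><h1>Forbidden</h1><p>The resource {0} cannot be served.</p></body></html>";

    // Unsafe pattern: the requested path is placed in the HTML as-is.
    static string BuildUnsafe(string requestPath)
    {
        return string.Format(Template, requestPath);
    }

    // Hardened pattern: encode the path so <, >, &, " and ' become entities.
    static string BuildSafe(string requestPath)
    {
        return string.Format(Template, WebUtility.HtmlEncode(requestPath));
    }

    static void Main()
    {
        // Constructed sample: markup inside the file name; ".config" is an
        // assumed example of an extension the server refuses to serve.
        string path = "/reports/<img src=x>.config";

        string unsafePage = BuildUnsafe(path);
        string safePage = BuildSafe(path);

        // The raw tag survives in the unsafe page and is neutralised in the safe one.
        Console.WriteLine("unsafe contains raw tag: " + unsafePage.Contains("<img"));
        Console.WriteLine("safe contains raw tag:   " + safePage.Contains("<img"));
        Console.WriteLine(safePage);
    }
}
```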


Updated Packages:
mono-2.10.1-1.1.mga1
mono-doc-2.10.1-1.1.mga1
mono-data-2.10.1-1.1.mga1
mono-data-oracle-2.10.1-1.1.mga1
mono-data-postgresql-2.10.1-1.1.mga1
mono-data-sqlite-2.10.1-1.1.mga1
mono-extras-2.10.1-1.1.mga1
mono-ibm-data-db2-2.10.1-1.1.mga1
mono-locale-extras-2.10.1-1.1.mga1
mono-nunit-2.10.1-1.1.mga1
mono-wcf-2.10.1-1.1.mga1
mono-web-2.10.1-1.1.mga1
mono-winforms-2.10.1-1.1.mga1
mono-winfxcore-2.10.1-1.1.mga1
monodoc-core-2.10.1-1.1.mga1
lib(64)mono0-2.10.1-1.1.mga1
lib(64)mono2.0_1-2.10.1-1.1.mga1
lib(64)mono-devel-2.10.1-1.1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
http://www.debian.org/security/2012/dsa-2512
https://bugs.mageia.org/show_bug.cgi?id=6789