Nom du paquet
mono
Date
2009-10-12
Advisory ID
MDVSA-2009:269
Affected versions
2009.1 i586 , 2009.1 x86_64

Problem description

A vulnerability has been found and corrected in mono:

The XML HMAC signature system did not correctly check certain
lengths. If an attacker sent a truncated HMAC, it could bypass
authentication, leading to potential privilege escalation
(CVE-2009-0217).

This update fixes this vulnerability.

Updated packages

2009.1 i586

 96e9b3a164ba54df856e53d75f9a770e  2009.1/i586/jay-2.2-2.1mdv2009.1.i586.rpm
 4f4670e50e1b8ebab0ae1c4b26a08fd0  2009.1/i586/libmono0-2.2-2.1mdv2009.1.i586.rpm
 e3744379037dabebe6d42673d9eabe5b  2009.1/i586/libmono-devel-2.2-2.1mdv2009.1.i586.rpm
 4a56747ad655d38fa12b1058d9064074  2009.1/i586/mono-2.2-2.1mdv2009.1.i586.rpm
 003d4591273b096b5821e23568cf5e0a  2009.1/i586/mono-bytefx-data-mysql-2.2-2.1mdv2009.1.i586.rpm
 d9e290994110aa9dd017c660000bddd7  2009.1/i586/mono-data-2.2-2.1mdv2009.1.i586.rpm
 458f50bfd97cc07af88810454b010e1f  2009.1/i586/mono-data-firebird-2.2-2.1mdv2009.1.i586.rpm
 9a1d5cb0870076d0295c3acf47c0f71f  2009.1/i586/mono-data-oracle-2.2-2.1mdv2009.1.i586.rpm
 1122700a1b4c50a730ad4750854ab240  2009.1/i586/mono-data-postgresql-2.2-2.1mdv2009.1.i586.rpm
 dbd00c88b8c0d2cdd63abb17af398c27  2009.1/i586/mono-data-sqlite-2.2-2.1mdv2009.1.i586.rpm
 3b3aa065531b9799deada8bd05f19916  2009.1/i586/mono-data-sybase-2.2-2.1mdv2009.1.i586.rpm
 61f0442d103a426463656bc904b14616  2009.1/i586/mono-doc-2.2-2.1mdv2009.1.i586.rpm
 7040660051b34492e967987f51ece5af  2009.1/i586/monodoc-core-2.2-2.1mdv2009.1.i586.rpm
 00cd782fe8c4e709027d4971d29b8b3e  2009.1/i586/mono-extras-2.2-2.1mdv2009.1.i586.rpm
 0f806054daf0af31829fe2b0354250f4  2009.1/i586/mono-ibm-data-db2-2.2-2.1mdv2009.1.i586.rpm
 f930305f456043350c81e3c44f19bb31  2009.1/i586/mono-jscript-2.2-2.1mdv2009.1.i586.rpm
 189188a2077200423f6161b426204037  2009.1/i586/mono-locale-extras-2.2-2.1mdv2009.1.i586.rpm
 a237cc30a57ea6558fa26a04b9f3651b  2009.1/i586/mono-nunit-2.2-2.1mdv2009.1.i586.rpm
 382a16b45688e1643f1891b3d1d95a22  2009.1/i586/mono-wcf-2.2-2.1mdv2009.1.i586.rpm
 f4e6ada2408f0da6a96fdb28e3999049  2009.1/i586/mono-web-2.2-2.1mdv2009.1.i586.rpm
 cfe865c6c6fc5e1fa705d169595b0b4d  2009.1/i586/mono-winforms-2.2-2.1mdv2009.1.i586.rpm 
 7232fac0d533279ca536237489068246  2009.1/SRPMS/mono-2.2-2.1mdv2009.1.src.rpm

2009.1 x86_64

 bff1779d589c70471dbb6b05ee82e227  2009.1/x86_64/jay-2.2-2.1mdv2009.1.x86_64.rpm
 a03b05d0e5f94da47e5c3105b2d0df22  2009.1/x86_64/lib64mono0-2.2-2.1mdv2009.1.x86_64.rpm
 828983abe2dcb2d8a2967458bb90588f  2009.1/x86_64/lib64mono-devel-2.2-2.1mdv2009.1.x86_64.rpm
 0c60ed0e602dcae3ec7308ee937133b0  2009.1/x86_64/mono-2.2-2.1mdv2009.1.x86_64.rpm
 8bc1829108be95bb5e69a2ae3a920d5c  2009.1/x86_64/mono-bytefx-data-mysql-2.2-2.1mdv2009.1.x86_64.rpm
 85ae4608e417cdb09f22e8105010666f  2009.1/x86_64/mono-data-2.2-2.1mdv2009.1.x86_64.rpm
 3e280a15afa1e0e49260d0a1cab64ba9  2009.1/x86_64/mono-data-firebird-2.2-2.1mdv2009.1.x86_64.rpm
 8b46279669d7058b4e694f10abfc5a71  2009.1/x86_64/mono-data-oracle-2.2-2.1mdv2009.1.x86_64.rpm
 08bb987e63fa734630fa42cbd4765e5f  2009.1/x86_64/mono-data-postgresql-2.2-2.1mdv2009.1.x86_64.rpm
 0de9d14ce9a694486ed1fc61fc849622  2009.1/x86_64/mono-data-sqlite-2.2-2.1mdv2009.1.x86_64.rpm
 22686169abac34886e19a8e8ae317a2d  2009.1/x86_64/mono-data-sybase-2.2-2.1mdv2009.1.x86_64.rpm
 ac03ca7841196be3fb34cb952d426078  2009.1/x86_64/mono-doc-2.2-2.1mdv2009.1.x86_64.rpm
 a36a5699db35f9e265a2082cb9d47d9a  2009.1/x86_64/monodoc-core-2.2-2.1mdv2009.1.x86_64.rpm
 96bf175550b6f4ae2713711c603226a5  2009.1/x86_64/mono-extras-2.2-2.1mdv2009.1.x86_64.rpm
 da4fd7e69ca81b3ac9c633905699b706  2009.1/x86_64/mono-ibm-data-db2-2.2-2.1mdv2009.1.x86_64.rpm
 d31b2c8140166736ce6a4adb00c9b2f7  2009.1/x86_64/mono-jscript-2.2-2.1mdv2009.1.x86_64.rpm
 158058655ac916fb99bd9b16dab7f6c2  2009.1/x86_64/mono-locale-extras-2.2-2.1mdv2009.1.x86_64.rpm
 1c4a616ecab13e6ecd21fc236fd0f075  2009.1/x86_64/mono-nunit-2.2-2.1mdv2009.1.x86_64.rpm
 9cbdfc4932b805bbe20c8efd313b11c0  2009.1/x86_64/mono-wcf-2.2-2.1mdv2009.1.x86_64.rpm
 e6a47f1c4de5510bee4219e90380e679  2009.1/x86_64/mono-web-2.2-2.1mdv2009.1.x86_64.rpm
 85901b71e4bea731f859f5fafdcb741f  2009.1/x86_64/mono-winforms-2.2-2.1mdv2009.1.x86_64.rpm 
 7232fac0d533279ca536237489068246  2009.1/SRPMS/mono-2.2-2.1mdv2009.1.src.rpm

References