Mailinglist Archive: opensuse-updates (12 mails)
| < Previous | Next > |
openSUSE-SU-2010:0342-1 (moderate): mono security update
- From: opensuse-security@xxxxxxxxxxxx
- Date: Tue, 29 Jun 2010 18:08:14 +0200 (CEST)
- Message-id: <20100629160814.839E3BE25@xxxxxxxxxxxxxx>
openSUSE Security Update: mono security update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0342-1
Rating: moderate
References: #592428
Cross-References: CVE-2010-1459
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mono's ASP.NET implementation did not set the
'EnableViewStateMac' property by default. Attackers could
exploit that to conduct cross-site-scripting (XSS) attacks.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.1:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.0:
zypper in -t patch bytefx-data-mysql-2384
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
mono-core-2.4.2.3-2.7.1
- openSUSE 11.2 (i586 x86_64):
bytefx-data-mysql-2.4.2.3-2.7.1
ibm-data-db2-2.4.2.3-2.7.1
mono-complete-2.4.2.3-2.7.1
mono-data-2.4.2.3-2.7.1
mono-data-firebird-2.4.2.3-2.7.1
mono-data-oracle-2.4.2.3-2.7.1
mono-data-postgresql-2.4.2.3-2.7.1
mono-data-sqlite-2.4.2.3-2.7.1
mono-data-sybase-2.4.2.3-2.7.1
mono-devel-2.4.2.3-2.7.1
mono-extras-2.4.2.3-2.7.1
mono-jscript-2.4.2.3-2.7.1
mono-locale-extras-2.4.2.3-2.7.1
mono-nunit-2.4.2.3-2.7.1
mono-wcf-2.4.2.3-2.7.1
mono-web-2.4.2.3-2.7.1
mono-winforms-2.4.2.3-2.7.1
monodoc-core-2.4.2.3-2.7.1
- openSUSE 11.1 (i586 ppc src x86_64):
mono-core-2.0.1-1.23.1
- openSUSE 11.1 (i586 ppc x86_64):
bytefx-data-mysql-2.0.1-1.23.1
ibm-data-db2-2.0.1-1.23.1
mono-complete-2.0.1-1.23.1
mono-data-2.0.1-1.23.1
mono-data-firebird-2.0.1-1.23.1
mono-data-oracle-2.0.1-1.23.1
mono-data-postgresql-2.0.1-1.23.1
mono-data-sqlite-2.0.1-1.23.1
mono-data-sybase-2.0.1-1.23.1
mono-devel-2.0.1-1.23.1
mono-extras-2.0.1-1.23.1
mono-jscript-2.0.1-1.23.1
mono-locale-extras-2.0.1-1.23.1
mono-nunit-2.0.1-1.23.1
mono-web-2.0.1-1.23.1
mono-winforms-2.0.1-1.23.1
- openSUSE 11.1 (noarch src):
monodoc-core-2.0-1.42.1
- openSUSE 11.1 (x86_64):
mono-core-32bit-2.0.1-1.23.1
- openSUSE 11.0 (i586 ppc src x86_64):
mono-core-1.9.1-6.8
- openSUSE 11.0 (i586 ppc x86_64):
bytefx-data-mysql-1.9.1-6.8
ibm-data-db2-1.9.1-6.8
mono-complete-1.9.1-6.8
mono-data-1.9.1-6.8
mono-data-firebird-1.9.1-6.8
mono-data-oracle-1.9.1-6.8
mono-data-postgresql-1.9.1-6.8
mono-data-sqlite-1.9.1-6.8
mono-data-sybase-1.9.1-6.8
mono-devel-1.9.1-6.8
mono-extras-1.9.1-6.8
mono-jscript-1.9.1-6.8
mono-locale-extras-1.9.1-6.8
mono-nunit-1.9.1-6.8
mono-web-1.9.1-6.8
mono-winforms-1.9.1-6.8
- openSUSE 11.0 (noarch src):
monodoc-core-1.9-18.1
- openSUSE 11.0 (x86_64):
mono-core-32bit-1.9.1-6.8
References:
http://support.novell.com/security/cve/CVE-2010-1459.html
https://bugzilla.novell.com/592428
______________________________________________________________________________
Announcement ID: openSUSE-SU-2010:0342-1
Rating: moderate
References: #592428
Cross-References: CVE-2010-1459
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mono's ASP.NET implementation did not set the
'EnableViewStateMac' property by default. Attackers could
exploit that to conduct cross-site-scripting (XSS) attacks.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.1:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.0:
zypper in -t patch bytefx-data-mysql-2384
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
mono-core-2.4.2.3-2.7.1
- openSUSE 11.2 (i586 x86_64):
bytefx-data-mysql-2.4.2.3-2.7.1
ibm-data-db2-2.4.2.3-2.7.1
mono-complete-2.4.2.3-2.7.1
mono-data-2.4.2.3-2.7.1
mono-data-firebird-2.4.2.3-2.7.1
mono-data-oracle-2.4.2.3-2.7.1
mono-data-postgresql-2.4.2.3-2.7.1
mono-data-sqlite-2.4.2.3-2.7.1
mono-data-sybase-2.4.2.3-2.7.1
mono-devel-2.4.2.3-2.7.1
mono-extras-2.4.2.3-2.7.1
mono-jscript-2.4.2.3-2.7.1
mono-locale-extras-2.4.2.3-2.7.1
mono-nunit-2.4.2.3-2.7.1
mono-wcf-2.4.2.3-2.7.1
mono-web-2.4.2.3-2.7.1
mono-winforms-2.4.2.3-2.7.1
monodoc-core-2.4.2.3-2.7.1
- openSUSE 11.1 (i586 ppc src x86_64):
mono-core-2.0.1-1.23.1
- openSUSE 11.1 (i586 ppc x86_64):
bytefx-data-mysql-2.0.1-1.23.1
ibm-data-db2-2.0.1-1.23.1
mono-complete-2.0.1-1.23.1
mono-data-2.0.1-1.23.1
mono-data-firebird-2.0.1-1.23.1
mono-data-oracle-2.0.1-1.23.1
mono-data-postgresql-2.0.1-1.23.1
mono-data-sqlite-2.0.1-1.23.1
mono-data-sybase-2.0.1-1.23.1
mono-devel-2.0.1-1.23.1
mono-extras-2.0.1-1.23.1
mono-jscript-2.0.1-1.23.1
mono-locale-extras-2.0.1-1.23.1
mono-nunit-2.0.1-1.23.1
mono-web-2.0.1-1.23.1
mono-winforms-2.0.1-1.23.1
- openSUSE 11.1 (noarch src):
monodoc-core-2.0-1.42.1
- openSUSE 11.1 (x86_64):
mono-core-32bit-2.0.1-1.23.1
- openSUSE 11.0 (i586 ppc src x86_64):
mono-core-1.9.1-6.8
- openSUSE 11.0 (i586 ppc x86_64):
bytefx-data-mysql-1.9.1-6.8
ibm-data-db2-1.9.1-6.8
mono-complete-1.9.1-6.8
mono-data-1.9.1-6.8
mono-data-firebird-1.9.1-6.8
mono-data-oracle-1.9.1-6.8
mono-data-postgresql-1.9.1-6.8
mono-data-sqlite-1.9.1-6.8
mono-data-sybase-1.9.1-6.8
mono-devel-1.9.1-6.8
mono-extras-1.9.1-6.8
mono-jscript-1.9.1-6.8
mono-locale-extras-1.9.1-6.8
mono-nunit-1.9.1-6.8
mono-web-1.9.1-6.8
mono-winforms-1.9.1-6.8
- openSUSE 11.0 (noarch src):
monodoc-core-1.9-18.1
- openSUSE 11.0 (x86_64):
mono-core-32bit-1.9.1-6.8
References:
http://support.novell.com/security/cve/CVE-2010-1459.html
https://bugzilla.novell.com/592428
| < Previous | Next > |