openSUSE-SU-2010:0342-1 (moderate): mono security update

openSUSE Security Update: mono security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0342-1 Rating: moderate References: #592428 Cross-References: CVE-2010-1459 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Mono's ASP.NET implementation did not set the 'EnableViewStateMac' property by default. Attackers could exploit that to conduct cross-site-scripting (XSS) attacks. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch bytefx-data-mysql-2384 - openSUSE 11.1: zypper in -t patch bytefx-data-mysql-2384 - openSUSE 11.0: zypper in -t patch bytefx-data-mysql-2384 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): mono-core-2.4.2.3-2.7.1 - openSUSE 11.2 (i586 x86_64): bytefx-data-mysql-2.4.2.3-2.7.1 ibm-data-db2-2.4.2.3-2.7.1 mono-complete-2.4.2.3-2.7.1 mono-data-2.4.2.3-2.7.1 mono-data-firebird-2.4.2.3-2.7.1 mono-data-oracle-2.4.2.3-2.7.1 mono-data-postgresql-2.4.2.3-2.7.1 mono-data-sqlite-2.4.2.3-2.7.1 mono-data-sybase-2.4.2.3-2.7.1 mono-devel-2.4.2.3-2.7.1 mono-extras-2.4.2.3-2.7.1 mono-jscript-2.4.2.3-2.7.1 mono-locale-extras-2.4.2.3-2.7.1 mono-nunit-2.4.2.3-2.7.1 mono-wcf-2.4.2.3-2.7.1 mono-web-2.4.2.3-2.7.1 mono-winforms-2.4.2.3-2.7.1 monodoc-core-2.4.2.3-2.7.1 - openSUSE 11.1 (i586 ppc src x86_64): mono-core-2.0.1-1.23.1 - openSUSE 11.1 (i586 ppc x86_64): bytefx-data-mysql-2.0.1-1.23.1 ibm-data-db2-2.0.1-1.23.1 mono-complete-2.0.1-1.23.1 mono-data-2.0.1-1.23.1 mono-data-firebird-2.0.1-1.23.1 mono-data-oracle-2.0.1-1.23.1 mono-data-postgresql-2.0.1-1.23.1 mono-data-sqlite-2.0.1-1.23.1 mono-data-sybase-2.0.1-1.23.1 mono-devel-2.0.1-1.23.1 mono-extras-2.0.1-1.23.1 mono-jscript-2.0.1-1.23.1 mono-locale-extras-2.0.1-1.23.1 mono-nunit-2.0.1-1.23.1 mono-web-2.0.1-1.23.1 mono-winforms-2.0.1-1.23.1 - openSUSE 11.1 (noarch src): monodoc-core-2.0-1.42.1 - openSUSE 11.1 (x86_64): mono-core-32bit-2.0.1-1.23.1 - openSUSE 11.0 (i586 ppc src x86_64): mono-core-1.9.1-6.8 - openSUSE 11.0 (i586 ppc x86_64): bytefx-data-mysql-1.9.1-6.8 ibm-data-db2-1.9.1-6.8 mono-complete-1.9.1-6.8 mono-data-1.9.1-6.8 mono-data-firebird-1.9.1-6.8 mono-data-oracle-1.9.1-6.8 mono-data-postgresql-1.9.1-6.8 mono-data-sqlite-1.9.1-6.8 mono-data-sybase-1.9.1-6.8 mono-devel-1.9.1-6.8 mono-extras-1.9.1-6.8 mono-jscript-1.9.1-6.8 mono-locale-extras-1.9.1-6.8 mono-nunit-1.9.1-6.8 mono-web-1.9.1-6.8 mono-winforms-1.9.1-6.8 - openSUSE 11.0 (noarch src): monodoc-core-1.9-18.1 - openSUSE 11.0 (x86_64): mono-core-32bit-1.9.1-6.8 References: http://support.novell.com/security/cve/CVE-2010-1459.html https://bugzilla.novell.com/592428