openSUSE-SU-2010:0342-1 (moderate): mono security update - openSUSE Updates

29 Jun 2010


      openSUSE Security Update: mono security update
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2010:0342-1
Rating:             moderate
References:         #592428 
Cross-References:   CVE-2010-1459
Affected Products:
                    openSUSE 11.2
                    openSUSE 11.1
                    openSUSE 11.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mono's ASP.NET implementation did not set the
   'EnableViewStateMac' property by default. Attackers could
   exploit that to conduct cross-site-scripting (XSS) attacks.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- openSUSE 11.2:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.1:
zypper in -t patch bytefx-data-mysql-2384
- openSUSE 11.0:
zypper in -t patch bytefx-data-mysql-2384
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.2 (i586 src x86_64):
mono-core-2.4.2.3-2.7.1
- openSUSE 11.2 (i586 x86_64):
bytefx-data-mysql-2.4.2.3-2.7.1
      ibm-data-db2-2.4.2.3-2.7.1
      mono-complete-2.4.2.3-2.7.1
      mono-data-2.4.2.3-2.7.1
      mono-data-firebird-2.4.2.3-2.7.1
      mono-data-oracle-2.4.2.3-2.7.1
      mono-data-postgresql-2.4.2.3-2.7.1
      mono-data-sqlite-2.4.2.3-2.7.1
      mono-data-sybase-2.4.2.3-2.7.1
      mono-devel-2.4.2.3-2.7.1
      mono-extras-2.4.2.3-2.7.1
      mono-jscript-2.4.2.3-2.7.1
      mono-locale-extras-2.4.2.3-2.7.1
      mono-nunit-2.4.2.3-2.7.1
      mono-wcf-2.4.2.3-2.7.1
      mono-web-2.4.2.3-2.7.1
      mono-winforms-2.4.2.3-2.7.1
      monodoc-core-2.4.2.3-2.7.1
- openSUSE 11.1 (i586 ppc src x86_64):
mono-core-2.0.1-1.23.1
- openSUSE 11.1 (i586 ppc x86_64):
bytefx-data-mysql-2.0.1-1.23.1
      ibm-data-db2-2.0.1-1.23.1
      mono-complete-2.0.1-1.23.1
      mono-data-2.0.1-1.23.1
      mono-data-firebird-2.0.1-1.23.1
      mono-data-oracle-2.0.1-1.23.1
      mono-data-postgresql-2.0.1-1.23.1
      mono-data-sqlite-2.0.1-1.23.1
      mono-data-sybase-2.0.1-1.23.1
      mono-devel-2.0.1-1.23.1
      mono-extras-2.0.1-1.23.1
      mono-jscript-2.0.1-1.23.1
      mono-locale-extras-2.0.1-1.23.1
      mono-nunit-2.0.1-1.23.1
      mono-web-2.0.1-1.23.1
      mono-winforms-2.0.1-1.23.1
- openSUSE 11.1 (noarch src):
monodoc-core-2.0-1.42.1
- openSUSE 11.1 (x86_64):
mono-core-32bit-2.0.1-1.23.1
- openSUSE 11.0 (i586 ppc src x86_64):
mono-core-1.9.1-6.8
- openSUSE 11.0 (i586 ppc x86_64):
bytefx-data-mysql-1.9.1-6.8
      ibm-data-db2-1.9.1-6.8
      mono-complete-1.9.1-6.8
      mono-data-1.9.1-6.8
      mono-data-firebird-1.9.1-6.8
      mono-data-oracle-1.9.1-6.8
      mono-data-postgresql-1.9.1-6.8
      mono-data-sqlite-1.9.1-6.8
      mono-data-sybase-1.9.1-6.8
      mono-devel-1.9.1-6.8
      mono-extras-1.9.1-6.8
      mono-jscript-1.9.1-6.8
      mono-locale-extras-1.9.1-6.8
      mono-nunit-1.9.1-6.8
      mono-web-1.9.1-6.8
      mono-winforms-1.9.1-6.8
- openSUSE 11.0 (noarch src):
monodoc-core-1.9-18.1
- openSUSE 11.0 (x86_64):
mono-core-32bit-1.9.1-6.8
References:
http://support.novell.com/security/cve/CVE-2010-1459.html
   https://bugzilla.novell.com/592428