| |||||||||||||||||||
Mageia alert MGASA-2012-0232 (mono)
MGASA-2012-0232 Date: August 23rd, 2012 Affected releases: 1 Description: Updated mono packages fix security vulnerability: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message (CVE-2012-3382). Updated Packages: mono-2.10.1-1.1.mga1 mono-doc-2.10.1-1.1.mga1 mono-data-2.10.1-1.1.mga1 mono-data-oracle-2.10.1-1.1.mga1 mono-data-postgresql-2.10.1-1.1.mga1 mono-data-sqlite-2.10.1-1.1.mga1 mono-extras-2.10.1-1.1.mga1 mono-ibm-data-db2-2.10.1-1.1.mga1 mono-locale-extras-2.10.1-1.1.mga1 mono-nunit-2.10.1-1.1.mga1 mono-wcf-2.10.1-1.1.mga1 mono-web-2.10.1-1.1.mga1 mono-winforms-2.10.1-1.1.mga1 mono-winfxcore-2.10.1-1.1.mga1 monodoc-core-2.10.1-1.1.mga1 lib(64)mono0-2.10.1-1.1.mga1 lib(64)mono2.0_1-2.10.1-1.1.mga1 lib(64)mono-devel-2.10.1-1.1.mga1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382 http://www.debian.org/security/2012/dsa-2512 https://bugs.mageia.org/show_bug.cgi?id=6789 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||