DSA 1397-1: New mono packages fix integer overflow
Posted on: 11/03/2007 06:05 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1397-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 3rd, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : mono
Vulnerability : integer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2007-5197

An integer overflow in the BigInteger data type implementation has been
discovred in the free .NET runtime Mono.

The oldstable distribution (sarge) doesn't contain mono.

For the stable distribution (etch) this problem has been fixed in
version 1.2.2.1-1etch1. A powerpc build will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your mono packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1.dsc
Size/MD5 checksum: 2536 690ff9b73b11712dafff48f4e573d844
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1.diff.gz
Size/MD5 checksum: 42815 a36c23b70d5f8c5042bae441c648f52b
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1.orig.tar.gz
Size/MD5 checksum: 19979026 b67ef657b83ca26249d7b9e9c5e7da69

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 20926 d02d121b86ea13531199e1786e73d1c3
http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 20856 e0e9b75f711cb831d6348ccc9b2e7c07
http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.1-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 88810 f9d42b9343e99e77ad20709bb8372b51
http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.2-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 88862 685c943b69999d6a7adf5038985c08b5
http://security.debian.org/pool/updates/main/m/mono/libmono-c5-1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 223620 878f83d238af926295a8fa6afe8df3e0
http://security.debian.org/pool/updates/main/m/mono/libmono-cairo1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 46194 9ec684d4784404eaa6d35ff0d3444311
http://security.debian.org/pool/updates/main/m/mono/libmono-cairo2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 46008 e7aa7d9c6fd374cfd0b1633525928c7a
http://security.debian.org/pool/updates/main/m/mono/libmono-corlib1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 1796690 e2d33d239a6d10e7ff936a0d8d99c428
http://security.debian.org/pool/updates/main/m/mono/libmono-corlib2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 2042898 03abdd8d7dc89bb7042b50a963736b34
http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd7.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 24964 c2efe20fe8ca262dbb9528f8d074f01c
http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd8.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 25184 0269e6ecb0c42331bf0b84027c365016
http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 63412 adddd438a4bdd6c8d67724d78c7575ba
http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 66572 8d0383577fab9fda56fb3a591cf3f4bb
http://security.debian.org/pool/updates/main/m/mono/libmono-firebirdsql1.7-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 288208 a618ebd6f6be362e742e13c40b9ac645
http://security.debian.org/pool/updates/main/m/mono/libmono-ldap1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 209962 7ff6bc9fe2f8edbb71860156f005a85e
http://security.debian.org/pool/updates/main/m/mono/libmono-ldap2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 209924 520f9d0b7f504e996a768173bbbe702f
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft-build2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 207936 f7033604ac795332aee7dca7eaffab7b
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft7.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 256114 b086fad7713d77ec53334caa664fcfab
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft8.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 256164 7dcaf6bae502b45bb7d1c23474791d0b
http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 128044 d12d1f98efb116b4f3b14fe149b18106
http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 128046 722eb37bc3525c9094f5efaed0e27bf5
http://security.debian.org/pool/updates/main/m/mono/libmono-oracle1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 111426 f52ddfc4e9224df1bfa2a9ecfd6a654a
http://security.debian.org/pool/updates/main/m/mono/libmono-oracle2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 111038 737f5cad01c2de39b98c887f1377a8a1
http://security.debian.org/pool/updates/main/m/mono/libmono-peapi1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 99162 5d8084c4fb47df3811aad75b56030976
http://security.debian.org/pool/updates/main/m/mono/libmono-peapi2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 99252 9d3947b9476412b0d3b4801de3aa0174
http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 171852 7bb5b1a89f808b4b1e944f1fe7e9b325
http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 172276 76927b2c2acb8bbf1401b2f08873dac8
http://security.debian.org/pool/updates/main/m/mono/libmono-security1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 232218 cc64c5987ebfe92ec336263d21fb0f47
http://security.debian.org/pool/updates/main/m/mono/libmono-security2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 233346 124a4af44bec04cbb95e221eeeb44a4a
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.6-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 105428 0c45cd7bde57d392ad277e0b2b8021dc
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.84-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 126244 4ed4164c8826b6bdded35eb84fc382d7
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.6-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 105506 2fe08a03e7c51a3e9d4d6aa8762cb37b
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.84-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 126304 743cafdb99c5b3a3e35b5f9e2e2f08ff
http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 43516 3327d1d49bc97d19db2d0a8b61a26917
http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 43506 f57fa7a5fe65a406d6d2b45c59e16bd3
http://security.debian.org/pool/updates/main/m/mono/libmono-system-data1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 435142 87789fcd551d9d50c03685101f131946
http://security.debian.org/pool/updates/main/m/mono/libmono-system-data2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 519990 115c23eb418c955f2ed707a6d74b36f6
http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 48114 8309c8db106d7d899753b5423edc4300
http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 48074 80b8760b5f12c9d629f41f2746c7f244
http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 64276 dc332b77384c875f2d796d84bef786fb
http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 64264 6c5ccefd9ada8cb31fe05de0f1529f07
http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 112958 9c9f35dd37ba3fdadc37a2dead326fa5
http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 130466 5f73bd56ea1b7d3fad8f07592a4af67e
http://security.debian.org/pool/updates/main/m/mono/libmono-system-web1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 738654 23e25d755446735f77797ae4dbcf02a4
http://security.debian.org/pool/updates/main/m/mono/libmono-system-web2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 1447448 cc0e9de505364ce60d46a295ad1fad4f
http://security.debian.org/pool/updates/main/m/mono/libmono-system1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 1686030 8ddfa23403689c1f97886a9e1a865db3
http://security.debian.org/pool/updates/main/m/mono/libmono-system2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 2224592 0f9b0518dc09a98a5ac01d28b84fd43c
http://security.debian.org/pool/updates/main/m/mono/libmono-winforms1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 1393032 3f65fa6c71f92ad4588a7318276c378e
http://security.debian.org/pool/updates/main/m/mono/libmono-winforms2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 1689678 216ae80afc19d2eb5e94cd33cb6efdfe
http://security.debian.org/pool/updates/main/m/mono/libmono1.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 394524 bc958956b138b0172a77cd9adcce733a
http://security.debian.org/pool/updates/main/m/mono/libmono2.0-cil_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 394534 f3360dc37e12b0814ca32ca48852fc66
http://security.debian.org/pool/updates/main/m/mono/mono-gac_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 30680 15bbcbf06bb771d85067bbb5fe4973cd
http://security.debian.org/pool/updates/main/m/mono/mono-gmcs_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 815244 386ad3abda1bc137e9e26327ef8f729a
http://security.debian.org/pool/updates/main/m/mono/mono-mcs_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 988382 ea67fcc1e19fa99975c5c880543a1990
http://security.debian.org/pool/updates/main/m/mono/mono-mjs_1.2.2.1-1etch1_all.deb
Size/MD5 checksum: 26752 805b856b0c85816b99e1ade3c3509f02

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 1142876 5f299302075de6463557074fe9c70dc9
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 850862 c54a56330b1f23cf654afaeaeb273943
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 1224 e76e27f0bf91ee4560a2472557075355
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 97088 13b15c279671ca4220a1fb1df589b026
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 17084 01a4c5bdb22091672ca682c06f91bb1a
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 61050 4fc383315e15cb7348aec6b3482ce5a6
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 745536 eedf98656a6e2f2624ea54507fffa111
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 17054 b4011469915df10de91196be9bb0f0c6
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_amd64.deb
Size/MD5 checksum: 1120806 76e7635cea950b89efe22cebe3ddd183

ARM architecture:

http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 1055134 feb1dae790628d833aeb1ad5d5b49a47
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 782388 0363966b23932b51b4808dc298588b45
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 1224 b131a782076ff0241813f355b4224a63
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 95752 c0edfa13fae9e22608665fc33c264a15
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 17088 c20515b05d012e85d4bbc42f6840e28e
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 61398 b9d465c9e67af1082e572db1067d273c
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 679070 4ad5ee1e7f10585abb1cdfae1623c586
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 17052 63425b4783337dfbeff8d22000da0b20
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_arm.deb
Size/MD5 checksum: 1055504 54613267f35d45757077a81770ee7bf0

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 1056588 ab6bec82baebd30a61d9d86bd142ba99
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 775306 f4ab41beb2e68058ab6c8d6abb1884da
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 1222 f7c3d2e9d42d3f2fa4caa99050219f4f
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 96800 609cf64aeccde22225d667c51cd2adc0
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 17080 ebc41e48782f7fdee64e73347e8bb0a6
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 54994 4e751e2a709951b6a4e5030c9e4437e9
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 670186 7e55db852cb362f68336b6a1ead157ad
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 17044 1996e25314bc972f7c7ceef44c3a1a30
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_i386.deb
Size/MD5 checksum: 1035690 2728352f87d6d6b68a637a259da9b2ae

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 1572222 942b9dae42083392f09e962b1dcff8d8
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 1153008 c1c446735dcddacdc406898080f27fd2
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 1220 9d62681eca4e2327eeb109905009ebf6
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 99040 750b89739f7a5f1dc2051686514561df
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 17082 78680ea864fc7fd56701748da60f761e
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 81032 2ec0d0295ec74cdc69ab2638afc7bb9f
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 1052472 f1e13c743493c8abb0738313f96b9851
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 17050 ecb577d4e3506910c7b3b857d3b0d04a
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_ia64.deb
Size/MD5 checksum: 1515488 8201bc0b63900af5706b36239380c3f4


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHLJjpXm3vHE4uyloRAmjZAKDnTf7/rvIzcRz4r/vb/VFNYLnP5gCfU/5p
bbSbuOBgTxa0Rz0pjp1+eaA=
=NLul
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1397_1_new_mono_packages_fix_integer_overflow.html)