[Security Announce] [ MDKSA-2007:218 ] - Updated mono packages fix arbitrary code execution vulnerability
Posted on: 11/14/2007 07:40 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:218
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mono
Date : November 14, 2007
Affected: 2007.0, 2007.1, 2008.0
_______________________________________________________________________

Problem Description:

IOActive Inc. found a buffer overflow in the Mono.Math.BigInteger class
in Mono 1.2.5.1 and previous versions, which allows arbitrary code
execution by context-dependent attackers.

Updated packages fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5197
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHOwULmqjQ0CJFipgRAgn9AJ0fwGjxD3DMkYBD+7ynLBTwiq8f+ACg6usW
n/KO3Zgq6Rv76gWRDQOWDoU=
=FvIt
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007218__updated_mono_packages_fix_arbitrary_code_execution_vulnerability.html)