[ubuntu/precise-updates] mono 2.10.8.1-1ubuntu2.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 24 13:28:35 UTC 2015
mono (2.10.8.1-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.
Date: 2015-03-20 19:21:12.222455+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mono/2.10.8.1-1ubuntu2.3