[ubuntu-mono] [Bug 691780] [NEW] Security vulnerability allows violation of the type system and possibly execution of arbitrary code

Chris Howie 691780 at bugs.launchpad.net
Sat Dec 18 02:47:10 UTC 2010


*** This bug is a security vulnerability ***

Private security bug reported:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/

A bug in generics allows violation of the type system.  When paired with
delegate types, this may allow a crafted Moonlight application to
execute arbitrary code.  2.3.0.1 is the most recent version and is
currently the only 2.x version free of this bug.

** Affects: moon (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Visibility changed to: Private

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4254

-- 
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is a direct subscriber.
https://bugs.launchpad.net/bugs/691780

Title:
  Security vulnerability allows violation of the type system and possibly execution of arbitrary code

Status in “moon” package in Ubuntu:
  New

Bug description:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/

A bug in generics allows violation of the type system.  When paired with delegate types, this may allow a crafted Moonlight application to execute arbitrary code.  2.3.0.1 is the most recent version and is currently the only 2.x version free of this bug.







More information about the Ubuntu-mono mailing list