-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:269 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mono Date : October 12, 2009 Affected: 2009.1 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in mono: The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 96e9b3a164ba54df856e53d75f9a770e 2009.1/i586/jay-2.2-2.1mdv2009.1.i586.rpm 4f4670e50e1b8ebab0ae1c4b26a08fd0 2009.1/i586/libmono0-2.2-2.1mdv2009.1.i586.rpm e3744379037dabebe6d42673d9eabe5b 2009.1/i586/libmono-devel-2.2-2.1mdv2009.1.i586.rpm 4a56747ad655d38fa12b1058d9064074 2009.1/i586/mono-2.2-2.1mdv2009.1.i586.rpm 003d4591273b096b5821e23568cf5e0a 2009.1/i586/mono-bytefx-data-mysql-2.2-2.1mdv2009.1.i586.rpm d9e290994110aa9dd017c660000bddd7 2009.1/i586/mono-data-2.2-2.1mdv2009.1.i586.rpm 458f50bfd97cc07af88810454b010e1f 2009.1/i586/mono-data-firebird-2.2-2.1mdv2009.1.i586.rpm 9a1d5cb0870076d0295c3acf47c0f71f 2009.1/i586/mono-data-oracle-2.2-2.1mdv2009.1.i586.rpm 1122700a1b4c50a730ad4750854ab240 2009.1/i586/mono-data-postgresql-2.2-2.1mdv2009.1.i586.rpm dbd00c88b8c0d2cdd63abb17af398c27 2009.1/i586/mono-data-sqlite-2.2-2.1mdv2009.1.i586.rpm 3b3aa065531b9799deada8bd05f19916 2009.1/i586/mono-data-sybase-2.2-2.1mdv2009.1.i586.rpm 61f0442d103a426463656bc904b14616 2009.1/i586/mono-doc-2.2-2.1mdv2009.1.i586.rpm 7040660051b34492e967987f51ece5af 2009.1/i586/monodoc-core-2.2-2.1mdv2009.1.i586.rpm 00cd782fe8c4e709027d4971d29b8b3e 2009.1/i586/mono-extras-2.2-2.1mdv2009.1.i586.rpm 0f806054daf0af31829fe2b0354250f4 2009.1/i586/mono-ibm-data-db2-2.2-2.1mdv2009.1.i586.rpm f930305f456043350c81e3c44f19bb31 2009.1/i586/mono-jscript-2.2-2.1mdv2009.1.i586.rpm 189188a2077200423f6161b426204037 2009.1/i586/mono-locale-extras-2.2-2.1mdv2009.1.i586.rpm a237cc30a57ea6558fa26a04b9f3651b 2009.1/i586/mono-nunit-2.2-2.1mdv2009.1.i586.rpm 382a16b45688e1643f1891b3d1d95a22 2009.1/i586/mono-wcf-2.2-2.1mdv2009.1.i586.rpm f4e6ada2408f0da6a96fdb28e3999049 2009.1/i586/mono-web-2.2-2.1mdv2009.1.i586.rpm cfe865c6c6fc5e1fa705d169595b0b4d 2009.1/i586/mono-winforms-2.2-2.1mdv2009.1.i586.rpm 7232fac0d533279ca536237489068246 2009.1/SRPMS/mono-2.2-2.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: bff1779d589c70471dbb6b05ee82e227 2009.1/x86_64/jay-2.2-2.1mdv2009.1.x86_64.rpm a03b05d0e5f94da47e5c3105b2d0df22 2009.1/x86_64/lib64mono0-2.2-2.1mdv2009.1.x86_64.rpm 828983abe2dcb2d8a2967458bb90588f 2009.1/x86_64/lib64mono-devel-2.2-2.1mdv2009.1.x86_64.rpm 0c60ed0e602dcae3ec7308ee937133b0 2009.1/x86_64/mono-2.2-2.1mdv2009.1.x86_64.rpm 8bc1829108be95bb5e69a2ae3a920d5c 2009.1/x86_64/mono-bytefx-data-mysql-2.2-2.1mdv2009.1.x86_64.rpm 85ae4608e417cdb09f22e8105010666f 2009.1/x86_64/mono-data-2.2-2.1mdv2009.1.x86_64.rpm 3e280a15afa1e0e49260d0a1cab64ba9 2009.1/x86_64/mono-data-firebird-2.2-2.1mdv2009.1.x86_64.rpm 8b46279669d7058b4e694f10abfc5a71 2009.1/x86_64/mono-data-oracle-2.2-2.1mdv2009.1.x86_64.rpm 08bb987e63fa734630fa42cbd4765e5f 2009.1/x86_64/mono-data-postgresql-2.2-2.1mdv2009.1.x86_64.rpm 0de9d14ce9a694486ed1fc61fc849622 2009.1/x86_64/mono-data-sqlite-2.2-2.1mdv2009.1.x86_64.rpm 22686169abac34886e19a8e8ae317a2d 2009.1/x86_64/mono-data-sybase-2.2-2.1mdv2009.1.x86_64.rpm ac03ca7841196be3fb34cb952d426078 2009.1/x86_64/mono-doc-2.2-2.1mdv2009.1.x86_64.rpm a36a5699db35f9e265a2082cb9d47d9a 2009.1/x86_64/monodoc-core-2.2-2.1mdv2009.1.x86_64.rpm 96bf175550b6f4ae2713711c603226a5 2009.1/x86_64/mono-extras-2.2-2.1mdv2009.1.x86_64.rpm da4fd7e69ca81b3ac9c633905699b706 2009.1/x86_64/mono-ibm-data-db2-2.2-2.1mdv2009.1.x86_64.rpm d31b2c8140166736ce6a4adb00c9b2f7 2009.1/x86_64/mono-jscript-2.2-2.1mdv2009.1.x86_64.rpm 158058655ac916fb99bd9b16dab7f6c2 2009.1/x86_64/mono-locale-extras-2.2-2.1mdv2009.1.x86_64.rpm 1c4a616ecab13e6ecd21fc236fd0f075 2009.1/x86_64/mono-nunit-2.2-2.1mdv2009.1.x86_64.rpm 9cbdfc4932b805bbe20c8efd313b11c0 2009.1/x86_64/mono-wcf-2.2-2.1mdv2009.1.x86_64.rpm e6a47f1c4de5510bee4219e90380e679 2009.1/x86_64/mono-web-2.2-2.1mdv2009.1.x86_64.rpm 85901b71e4bea731f859f5fafdcb741f 2009.1/x86_64/mono-winforms-2.2-2.1mdv2009.1.x86_64.rpm 7232fac0d533279ca536237489068246 2009.1/SRPMS/mono-2.2-2.1mdv2009.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFK0wvymqjQ0CJFipgRAlhzAKDoXKLa2qW+Id1s0NHhWhk3kqgiCQCdEp47 oPQSF0uxU0unkgRuLO7EGpY= =xrI4 -----END PGP SIGNATURE-----
