SUSE-SU-2012:0393-1: Security update for Mono

sle-security-updates at lists.suse.com
Wed Mar 21 04:08:17 MDT 2012


   SUSE Security Update: Security update for Mono
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0393-1
Rating:             low
References:         #648080 
Cross-References:   CVE-2010-3332
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:


   The FORMS authentication methods of the Mono ASP.NET
   implementation were vulnerable to a padding oracle attack,
   as described in CVE-2010-3332, because they computed the
   checksum first and encrypted afterwards.

   This update changes the method to compute the checksum after
   encryption to avoid this attack.
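
   The difference between the two orderings, as an added Python example
   (not code from Mono or from SUSE): a ticket sealed checksum-first can be
   rejected for two distinguishable reasons when its ciphertext is modified,
   a ticket sealed encrypt-first for only one. The toy Feistel block cipher
   stands in for AES, and all names, keys and the ticket format are
   assumptions made for the illustration.

```python
import hashlib, hmac, os
BS, TAG = 16, 32  # cipher block size and HMAC-SHA256 tag size, in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def mac(k, data):
    return hmac.new(k, data, hashlib.sha256).digest()

def _block(k, b, decrypt=False):  # toy 4-round Feistel standing in for AES (assumption)
    l, r = b[:8], b[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        f = hmac.new(k, bytes([i]) + (l if decrypt else r), hashlib.sha256).digest()[:8]
        l, r = (_xor(r, f), l) if decrypt else (r, _xor(l, f))
    return l + r

def cbc_encrypt(k, pt):
    n = BS - len(pt) % BS
    pt, out = pt + bytes([n]) * n, [os.urandom(BS)]  # PKCS#7 padding, random IV
    for i in range(0, len(pt), BS):
        out.append(_block(k, _xor(pt[i:i + BS], out[-1])))
    return b"".join(out)

def cbc_decrypt(k, ct):
    pt = b"".join(_xor(_block(k, ct[i:i + BS], True), ct[i - BS:i]) for i in range(BS, len(ct), BS))
    n = pt[-1] if pt and len(ct) % BS == 0 else 0
    if not 1 <= n <= BS or pt[-n:] != bytes([n]) * n:
        raise ValueError("padding")  # outcome depends on the decrypted plaintext
    return pt[:-n]

def seal(ek, mk, ticket, mac_first):
    if mac_first:  # pre-update order: checksum, then encrypt
        return cbc_encrypt(ek, ticket + mac(mk, ticket))
    ct = cbc_encrypt(ek, ticket)  # post-update order: encrypt, then checksum
    return ct + mac(mk, ct)

def unseal(ek, mk, blob, mac_first):
    data = cbc_decrypt(ek, blob) if mac_first else blob  # old order unpads unauthenticated bytes
    if not hmac.compare_digest(data[-TAG:], mac(mk, data[:-TAG])):
        raise ValueError("mac")
    return data[:-TAG] if mac_first else cbc_decrypt(ek, data[:-TAG])

def failure_kinds(ek, mk, blob, mac_first):
    kinds = set()  # distinct rejection reasons seen across single-bit modifications
    for i in range(len(blob)):
        try:
            unseal(ek, mk, blob[:i] + bytes([blob[i] ^ 1]) + blob[i + 1:], mac_first)
        except ValueError as e:
            kinds.add(str(e))
    return kinds
```

   For a constructed 20-byte ticket, failure_kinds(..., mac_first=True)
   returns {"padding", "mac"}, while mac_first=False returns only {"mac"}:
   with the checksum over the ciphertext, nothing is decrypted or unpadded
   until the checksum has verified.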

   Security Issue reference:

   * CVE-2010-3332
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332>



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      mono-core-1.2.2-12.32.1
      mono-data-1.2.2-12.32.1
      mono-data-firebird-1.2.2-12.32.1
      mono-data-oracle-1.2.2-12.32.1
      mono-data-postgresql-1.2.2-12.32.1
      mono-data-sqlite-1.2.2-12.32.1
      mono-data-sybase-1.2.2-12.32.1
      mono-locale-extras-1.2.2-12.32.1
      mono-nunit-1.2.2-12.32.1
      mono-web-1.2.2-12.32.1
      mono-winforms-1.2.2-12.32.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      mono-core-32bit-1.2.2-12.32.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      mono-core-x86-1.2.2-12.32.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      bytefx-data-mysql-1.2.2-12.32.1
      ibm-data-db2-1.2.2-12.32.1
      mono-core-1.2.2-12.32.1
      mono-data-1.2.2-12.32.1
      mono-data-firebird-1.2.2-12.32.1
      mono-data-oracle-1.2.2-12.32.1
      mono-data-postgresql-1.2.2-12.32.1
      mono-data-sqlite-1.2.2-12.32.1
      mono-data-sybase-1.2.2-12.32.1
      mono-devel-1.2.2-12.32.1
      mono-extras-1.2.2-12.32.1
      mono-locale-extras-1.2.2-12.32.1
      mono-nunit-1.2.2-12.32.1
      mono-web-1.2.2-12.32.1
      mono-winforms-1.2.2-12.32.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      mono-core-32bit-1.2.2-12.32.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      bytefx-data-mysql-1.2.2-12.32.1
      ibm-data-db2-1.2.2-12.32.1
      mono-core-1.2.2-12.32.1
      mono-data-1.2.2-12.32.1
      mono-data-firebird-1.2.2-12.32.1
      mono-data-oracle-1.2.2-12.32.1
      mono-data-postgresql-1.2.2-12.32.1
      mono-data-sqlite-1.2.2-12.32.1
      mono-data-sybase-1.2.2-12.32.1
      mono-devel-1.2.2-12.32.1
      mono-extras-1.2.2-12.32.1
      mono-jscript-1.2.2-12.32.1
      mono-locale-extras-1.2.2-12.32.1
      mono-nunit-1.2.2-12.32.1
      mono-web-1.2.2-12.32.1
      mono-winforms-1.2.2-12.32.1

   - SLE SDK 10 SP4 (s390x x86_64):

      mono-core-32bit-1.2.2-12.32.1

   - SLE SDK 10 SP4 (ia64):

      mono-core-x86-1.2.2-12.32.1


References:

   http://support.novell.com/security/cve/CVE-2010-3332.html
   https://bugzilla.novell.com/648080
   http://download.novell.com/patch/finder/?keywords=acf3e342c719d9e5ee642a15f5422903


