[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Mageia alert MGASA-2014-0244 (mono)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0244: Updated mono packages fix security vulnerability 


Date:
    	      Thu, 29 May 2014 09:07:50 +0200


Message-ID:
    	      <20140529070750.6A0905C7B3@valstar.mageia.org>


MGASA-2014-0244 - Updated mono packages fix security vulnerability

Publication date: 29 May 2014
URL: http://advisories.mageia.org/MGASA-2014-0244.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2012-3543

Description:
Mono 2.10.9 does not properly randomize hash functions for form posts to
protect against hash collision attacks. A remote attacker could send
specially crafted parameters, possibly resulting in a Denial of Service
condition (CVE-2012-3543).

References:
- https://bugs.mageia.org/show_bug.cgi?id=13413
- http://www.gentoo.org/security/en/glsa/glsa-201405-16.xml
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3543

SRPMS:
- 3/core/mono-2.10.9-4.1.mga3
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds