Description
Security update for mono-core
mono-core was updated to fix the following vulnerabilities:
- CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097)
- CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119)
Package list
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2016:0257-1
- E-Mail link for SUSE-SU-2016:0257-1
- SUSE Security Ratings
- SUSE Bug 739119
- SUSE Bug 958097
- SUSE CVE CVE-2009-0689 page
- SUSE CVE CVE-2012-3543 page
Description
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Affected products
References
- CVE-2009-0689
- SUSE Bug 522109
- SUSE Bug 545277
- SUSE Bug 546371
- SUSE Bug 557126
- SUSE Bug 557127
- SUSE Bug 557128
- SUSE Bug 557671
- SUSE Bug 590499
- SUSE Bug 607935
- SUSE Bug 851803
- SUSE Bug 958097
- SUSE Bug 963818
Description
mono 2.10.x ASP.NET Web Form Hash collision DoS
Affected products
References
- CVE-2012-3543
- SUSE Bug 739119
- SUSE Bug 963818