SUSE-SU-2016:2958-1

Published: 01 Dec 2016
Source: suse-cvrf

Description

Security update for mono-core

mono-core was updated to fix the following vulnerabilities:

  • CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097)
  • CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119)

Package list

SUSE Linux Enterprise Server 11 SP3-LTSS
mono-core-2.6.7-0.18.1
mono-data-2.6.7-0.18.1
mono-data-postgresql-2.6.7-0.18.1
mono-data-sqlite-2.6.7-0.18.1
mono-locale-extras-2.6.7-0.18.1
mono-nunit-2.6.7-0.18.1
mono-web-2.6.7-0.18.1
mono-winforms-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
mono-core-2.6.7-0.18.1
mono-data-2.6.7-0.18.1
mono-data-postgresql-2.6.7-0.18.1
mono-data-sqlite-2.6.7-0.18.1
mono-locale-extras-2.6.7-0.18.1
mono-nunit-2.6.7-0.18.1
mono-web-2.6.7-0.18.1
mono-winforms-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP4
mono-core-2.6.7-0.18.1
mono-data-2.6.7-0.18.1
mono-data-postgresql-2.6.7-0.18.1
mono-data-sqlite-2.6.7-0.18.1
mono-locale-extras-2.6.7-0.18.1
mono-nunit-2.6.7-0.18.1
mono-web-2.6.7-0.18.1
mono-winforms-2.6.7-0.18.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
mono-core-2.6.7-0.18.1
mono-data-2.6.7-0.18.1
mono-data-postgresql-2.6.7-0.18.1
mono-data-sqlite-2.6.7-0.18.1
mono-locale-extras-2.6.7-0.18.1
mono-nunit-2.6.7-0.18.1
mono-web-2.6.7-0.18.1
mono-winforms-2.6.7-0.18.1
SUSE Linux Enterprise Software Development Kit 11 SP4
bytefx-data-mysql-2.6.7-0.18.1
mono-core-2.6.7-0.18.1
mono-data-2.6.7-0.18.1
mono-data-firebird-2.6.7-0.18.1
mono-data-oracle-2.6.7-0.18.1
mono-data-postgresql-2.6.7-0.18.1
mono-data-sqlite-2.6.7-0.18.1
mono-data-sybase-2.6.7-0.18.1
mono-devel-2.6.7-0.18.1
mono-extras-2.6.7-0.18.1
mono-jscript-2.6.7-0.18.1
mono-locale-extras-2.6.7-0.18.1
mono-nunit-2.6.7-0.18.1
mono-wcf-2.6.7-0.18.1
mono-web-2.6.7-0.18.1
mono-winforms-2.6.7-0.18.1
mono-winfxcore-2.6.7-0.18.1
monodoc-core-2.6.7-0.18.1

Description

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.


Affected products
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-core-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-postgresql-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-sqlite-2.6.7-0.18.1


Description

mono 2.10.x ASP.NET Web Form Hash collision DoS


Affected products
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-core-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-postgresql-2.6.7-0.18.1
SUSE Linux Enterprise Server 11 SP3-LTSS:mono-data-sqlite-2.6.7-0.18.1
