Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.016 Low |
EPSS percentile | 86.2% |
Gerfried Fuchs uploaded new packages for mono which fixed the following
security problems:
CVE-2008-3422, Debian BTS #494406
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
CVE-2008-3906, Debian BTS #498894
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via CRLF sequences in the query string.
For the etch-backports distribution the problems have been fixed in
version 1.9.1+dfsg-4~bpo40+1.
For the lenny and sid distributions the problems have been fixed in
version 1.9.1+dfsg-4.
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | libmono-oracle2.0-cil | < 1.9.1+dfsg-4 | libmono-oracle2.0-cil_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | libmono-sharpzip0.6-cil | < 1.9.1+dfsg-4 | libmono-sharpzip0.6-cil_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | libmono-system-ldap1.0-cil | < 1.9.1+dfsg-4 | libmono-system-ldap1.0-cil_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | libmono-npgsql2.0-cil | < 1.9.1+dfsg-4 | libmono-npgsql2.0-cil_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | mono-gmcs | < 1.9.1+dfsg-4 | mono-gmcs_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | mono-mcs | < 1.9.1+dfsg-4 | mono-mcs_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | libmono-peapi2.0-cil | < 1.9.1+dfsg-4 | libmono-peapi2.0-cil_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | mono-1.0-devel | < 1.9.1+dfsg-4 | mono-1.0-devel_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | mono-jay | < 1.9.1+dfsg-4 | mono-jay_1.9.1+dfsg-4_all.deb |
Debian | 5 | all | mono-2.0-service | < 1.9.1+dfsg-4 | mono-2.0-service_1.9.1+dfsg-4_all.deb |