Mandriva Linux Security Advisory 2012-140 - Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. The updated packages have been patched to correct this issue.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:140
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mono
Date : August 20, 2012
Affected: 2011.
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in mono:
Cross-site scripting (XSS) vulnerability in the ProcessRequest function
in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono
2.10.8 and earlier allows remote attackers to inject arbitrary
web script or HTML via a file with a crafted name and a forbidden
extension, which is not properly handled in an error message
(CVE-2012-3382).
The updated packages have been patched to correct this issue.
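The flaw class described above, as an added example (not Mono's HttpForbiddenHandler code and not part of the advisory): a forbidden-request error page built with and without HTML-encoding the request path. The class and method names, the message text and the sample path are hypothetical.

```csharp
using System;
using System.Net;

// Added illustration; not the Mono source. All names and message text are hypothetical.
static class ForbiddenPage
{
    // Vulnerable pattern: request-derived text is concatenated into HTML as-is,
    // so markup in the file name becomes part of the error page.
    public static string BuildUnsafe(string requestPath)
    {
        return "<html><body><h1>403 Forbidden</h1><p>The resource '" + requestPath +
               "' is not served (extension '" + ExtensionOf(requestPath) +
               "').</p></body></html>";
    }

    // Hardened pattern: every request-derived value is HTML-encoded before it
    // is placed in the response body.
    public static string BuildSafe(string requestPath)
    {
        string path = WebUtility.HtmlEncode(requestPath);
        string ext = WebUtility.HtmlEncode(ExtensionOf(requestPath));
        return "<html><body><h1>403 Forbidden</h1><p>The resource '" + path +
               "' is not served (extension '" + ext + "').</p></body></html>";
    }

    // Text after the last '.' that follows the last '/', or "" if there is none.
    static string ExtensionOf(string path)
    {
        int dot = path.LastIndexOf('.');
        int slash = path.LastIndexOf('/');
        return dot > slash ? path.Substring(dot) : "";
    }

    static void Main()
    {
        // Constructed sample: harmless markup in the file name plus an
        // extension that a server would refuse to serve.
        string path = "/app/<b>name</b>.config";

        Console.WriteLine(BuildUnsafe(path)); // <b> reaches the page as an element
        Console.WriteLine(BuildSafe(path));   // <b> is rendered as literal text

        if (BuildSafe(path).Contains("<b>"))
            throw new Exception("request path was not encoded");
    }
}
```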
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
Mandriva Linux 2011/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFQMgnnmqjQ0CJFipgRApnIAJ9Hbx/qrvIXaG6KppvKRB9n43CzzwCfUOnO
fx9P9KKS6YLQAUiMEaQXqcA=
=/FD/
-----END PGP SIGNATURE-----