Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:268
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mono
Date : October 12, 2009
Affected: 2008.1, 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in mono:
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net
class libraries in Mono 2.0 and earlier allow remote attackers to
inject arbitrary web script or HTML via crafted attributes related to
(1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs
(RenderAttributes), (3) HtmlInputButton (RenderAttributes),
(4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect
(RenderChildren) (CVE-2008-3422).
The XML HMAC signature system did not correctly check certain
lengths. If an attacker sent a truncated HMAC, it could bypass
authentication, leading to potential privilege escalation
(CVE-2009-0217).
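The length check the advisory refers to, as an added Python illustration that is not Mono's code: the weak verifier trusts the signer-declared HMACOutputLength outright, while the hardened one enforces the floor of 80 bits and half the underlying hash length (the bound the XML-DSig errata adopted for this issue) and checks that SignatureValue has the matching size before comparing. The key and SignedInfo bytes are constructed, and only whole-octet truncation lengths are handled.

```python
import hmac
import hashlib

# Constructed sample key and canonicalised SignedInfo (not from the advisory).
KEY = b"constructed-demo-key"
SIGNED_INFO = b"<SignedInfo>constructed canonical XML</SignedInfo>"
SHA1_BITS = 160


def hmac_truncated(key: bytes, data: bytes, output_bits: int) -> bytes:
    """HMAC-SHA1 truncated to its leading output_bits bits, the way XML-DSig's
    HMACOutputLength specifies. Simplification: whole octets only."""
    if output_bits % 8 or not 0 <= output_bits <= SHA1_BITS:
        raise ValueError("output_bits must be a multiple of 8 up to 160")
    return hmac.new(key, data, hashlib.sha1).digest()[: output_bits // 8]


def verify_weak(key: bytes, data: bytes, sig: bytes, output_bits: int) -> bool:
    """The flawed behaviour the advisory describes: the declared length is
    trusted, so a tiny (even empty) HMAC is compared and found equal."""
    return hmac.compare_digest(hmac_truncated(key, data, output_bits), sig)


def min_output_bits(hash_bits: int) -> int:
    """Lower bound from the XML-DSig errata: at least 80 bits and at least
    half the output length of the underlying hash."""
    return max(80, hash_bits // 2)


def verify_hardened(key: bytes, data: bytes, sig: bytes, output_bits: int) -> bool:
    """Reject an out-of-range HMACOutputLength and a SignatureValue whose
    size does not match it before any comparison takes place."""
    if output_bits % 8 or not min_output_bits(SHA1_BITS) <= output_bits <= SHA1_BITS:
        return False
    if len(sig) != output_bits // 8:
        return False
    return hmac.compare_digest(hmac_truncated(key, data, output_bits), sig)
```

With the full 160-bit MAC both verifiers agree; only the hardened one refuses an empty or 8-bit SignatureValue.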
This update fixes these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>