=========================================================== Ubuntu Security Notice USN-357-1 October 04, 2006 mono vulnerability CVE-2006-5072 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: mono-classlib-1.0 1.1.8.3-1ubuntu2.1 mono-classlib-2.0 1.1.8.3-1ubuntu2.1 Ubuntu 6.06 LTS: mono-classlib-1.0 1.1.13.6-0ubuntu3.1 mono-classlib-2.0 1.1.13.6-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1.diff.gz Size/MD5: 37812 6e222e5c13002ceca8e1e5efd82036e0 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1.dsc Size/MD5: 1020 605b25e63537ae93e630df34f8a7ae20 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3.orig.tar.gz Size/MD5: 15348432 5aefdc915cbd6ed84834692f59b92080 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-assemblies-base_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 36654 b8f7a5eee8121212b3b04aad24d2b244 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0-dbg_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 3505034 621f1c7a211254305df73f51e4f13a4d http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 3837708 d71d24b2692563b1b693d2c12bfecee7 http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0-dbg_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 4022756 9fc1a800a4d1987b6d07c041f2466a87 http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 4308358 6ecf87dfeb0e6842f4225f1073098cab http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gac_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 47462 eda8167aac2ccf64d249c75234f48be7 http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-gmcs_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 629766 da95636cd70d27125a5d9370b26b7ead http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-mcs_1.1.8.3-1ubuntu2.1_all.deb Size/MD5: 1325110 a7fd2ef6b36717d2f326744e7730c601 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 1058456 945f973f715f24adb4bc0df5c86a1c05 http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 804932 eb2ffc9e912807e8fa415101c3eff48a http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 128100 0e76abfc2c0c748a4d8a930306e293ca http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 36698 9438d7c7f63899f72cdec55d6834f711 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 54668 f1b326f1a327694c545203e35afebfd7 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 669934 3f9b7d62bab94e98a290e16e2bd7342b http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 1057068 6084bd8ec71f685f8fe8d832f6a76442 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_amd64.deb Size/MD5: 1168 3d3166c3360341775d9908d53890e4fc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 951222 dd9882797594ccc04b5dbb7e78c49756 http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 726766 9610cca518cf9bd22e15a426d4a486c4 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 127854 36c79ed35e3c4d0f16a5afb159315e45 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 36694 78011b14c0e993a71891b0a4388d262b http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 47706 9556d6aae77e0c27eda0d53c702ea800 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 581996 d41c5fa8382e158597b266a07c96af89 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 958318 30f8b6ef7816c071e6ed4ac2d1f5a908 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_i386.deb Size/MD5: 1166 bf117002f29b4be8fd83572749974701 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 1017924 5d8152155108c344e7481e7065729572 http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 758916 bcdd81cfc6e1478e432dcd88515dbd6c http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 128486 b1aaca6bd7263f87c5bb99c1efc76223 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 36696 5c0788b1c26a534d6f083462791eb33a http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 53586 1f233051aa253135bdc72bfc1f919153 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 629474 2fd9cdd6635a966cf99b09efcf64bea9 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 1040442 f14beea838678f44dcc632e9791e3325 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.8.3-1ubuntu2.1_powerpc.deb Size/MD5: 1168 97bb3b68493b6645f99c458ee970fdde Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1.diff.gz Size/MD5: 47127 39074d36f587a3a452dd339ac3c577c8 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1.dsc Size/MD5: 1047 70243a5a63ad8cdf970fdf6c37dc6bfd http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6.orig.tar.gz Size/MD5: 18217583 330cc66c6a44525950daf10c4f17c10e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-assemblies-base_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 41952 38e5d79b399a27aa05a0456033bafb3b http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0-dbg_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 3794992 56026ef395ea4ed74676cbb871e3010e http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-1.0_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 4560146 3fbe02e71427cfe4a1e1783cb43602c1 http://security.ubuntu.com/ubuntu/pool/universe/m/mono/mono-classlib-2.0-dbg_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 4568340 f803afc5f3e19910476d76b845e91249 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-classlib-2.0_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 5218424 951734a948d1291a3c6534a858898460 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gac_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 53180 86ae1e6721ebb16d23b03a19abb27fb6 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-gmcs_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 841018 c90055d4e6de2e8eb900be588dd03b95 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-mcs_1.1.13.6-0ubuntu3.1_all.deb Size/MD5: 1415790 6acb8066c16f5a04eb462e9ccf662d6a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 1127592 936fd62104079ba8d8bd663e148a1b8d http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 865988 0d7b06ab46d2c74783af607106351460 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 115862 0b06a012a63b7ae7893e06cf556364a7 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 41980 87527fe4be8ea1b9350a4aea71e85928 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 57544 b234ff59042049ba43f45ef1ed7e77b1 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 12926 e77315930a48494701dc8e5702f61da1 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 1117486 21cd8363acd2aa476428e3e17b39bdd9 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_amd64.deb Size/MD5: 1208 418f84293394b80bddf3cabb1ffcb33e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 1017258 bcc82a02c9e257d106e28f833099795f http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 780460 da70212af024d15eac281adb398fcb87 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 115438 c9898401cd7c386afd8c64bf2f7d288f http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 41976 e5ea69677bab8f821cb82539fb79a0a0 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 50614 42d4cf2690a408d31c1fc01d02b31528 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 12724 0c7cb1e40138d20e8b9241a3772f15c8 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 1014922 fa916a1bd4e2d6a4746e38dd79f41596 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_i386.deb Size/MD5: 1208 ae7e5deafeac6443fc4c1010dc778218 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 1085088 a23c3db696410111ead8f9ead2fd2408 http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 816162 2ec94deecf9f3adb73993c8f44cd575c http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 116400 b596f0d4133c224e83976555ee9a69ae http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 41980 8ee288899bd0901011be6bc938d9390a http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 56572 8ca49da5a086f690f9b576e9f81f8a6b http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 14786 339fb0abad2ae8ee82269d9588413be7 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 1102850 087852786a14d21730151fb7a51607cb http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_powerpc.deb Size/MD5: 1212 39510a31cb7af3b72cf016a2d6013d7b sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-dev_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 1092966 5eccaa96feca0c7269a9194b58738874 http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono0_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 820852 9eb63a6e7f1d687a7f593af523ec6260 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-common_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 115984 ce9248b83e58b49ec15cdd76f0779855 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-devel_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 41980 299f5c233a182adc71f36c9f6f2f3173 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jay_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 53568 1eeebde75ac92a499744b18f3186bfd0 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-jit_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 13004 cc3edd29d1d365cf72f0937350504a40 http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono-utils_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 1049752 b53289c6312c9dab5aaffee77c20704e http://security.ubuntu.com/ubuntu/pool/main/m/mono/mono_1.1.13.6-0ubuntu3.1_sparc.deb Size/MD5: 1214 9f332bf9edc0170fd32254a6f8f1940a