Mandriva Update For Mono MDVSA-2012:140 (mono) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been discovered and corrected in mono: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message (CVE-2012-3382). The updated packages have been patched to correct this issue.

Affected

mono on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3382

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:178 (squid)
Mandrake Security Advisory MDVSA-2009:186 (firebird)
Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)
Mandrake Security Advisory MDVSA-2009:123 (opensc)
Mandrake Security Advisory MDVSA-2009:034 (squid)

Mandriva Update for mono MDVSA-2012:140 (mono)

Take action and discover your vulnerabilities