Advisories » MGASA-2015-0156

Updated mono packages fix security vulnerabilities

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2318 , CVE-2015-2319 , CVE-2015-2320

Description

A TLS impersonation attack was discovered in Mono's TLS stack by researchers
at Inria (CVE-2015-2318). During checks on the TLS stack, they have discovered
two further issues which have been fixed, a vulnerability to a protocol
downgrade attack (CVE-2015-2319) and SSLv2 support still being available
(CVE-2013-2320).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15445
• http://openwall.com/lists/oss-security/2015/03/17/9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2318
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2319
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2320

SRPMS

4/core

• mono-3.2.3-5.2.mga4