UbuntuUpdates.org

Package "mono-gac"

Name: mono-gac

Description:

Mono GAC tool

Latest version: 3.2.8+dfsg-4ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: main
Head package: mono
Homepage: http://www.mono-project.com/

Links


Download "mono-gac"


Other versions of "mono-gac" in Trusty

Repository Area Version
base main 3.2.8+dfsg-4ubuntu1
updates main 3.2.8+dfsg-4ubuntu1.1

Changelog

Version: 3.2.8+dfsg-4ubuntu1.1 2015-03-24 14:06:52 UTC

  mono (3.2.8+dfsg-4ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.
 -- Marc Deslauriers <email address hidden> Fri, 20 Mar 2015 12:59:13 -0400

CVE-2015-2318 SKIP-TLS issue
CVE-2015-2319 FREAK issue
CVE-2015-2320 Related to "remove the client-side SSLv2 fallback"



About   -   Send Feedback to @ubuntu_updates