Lucene search

DebianDEBIAN:DLA-176-1:231FF

HistoryMar 19, 2015 - 12:40 p.m.

[SECURITY] [DLA 176-1] mono security update

2015-03-1912:40:55

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Package : mono
Version : 2.6.7-5.1+deb6u1
CVE ID : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Debian Bug : 780751

Three issues with Mono's TLS stack are addressed.

CVE-2015-2318

Mono&#x27;s implementation of the SSL/TLS stack failed to check
the order of the handshake messages. Which would allow
various attacks on the protocol to succeed. (&quot;SKIP-TLS&quot;)

CVE-2015-2319

Mono&#x27;s implementation of SSL/TLS also contained support for
the weak EXPORT cyphers and was susceptible to the FREAK attack.

CVE-2015-2320

Mono contained SSLv2 fallback code, which is no longer needed
and can be considered insecure.

OSVersionArchitecturePackageVersionFilename
Debian7allmono-2.0-service< 2.10.8.1-8+deb7u1mono-2.0-service_2.10.8.1-8+deb7u1_all.deb
Debian7alllibmono-simd4.0-cil< 2.10.8.1-8+deb7u1libmono-simd4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian6alllibmono-ldap1.0-cil< 2.6.7-5.1+deb6u1libmono-ldap1.0-cil_2.6.7-5.1+deb6u1_all.deb
Debian7alllibmono-messaging2.0-cil< 2.10.8.1-8+deb7u1libmono-messaging2.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian7alllibmono-cairo2.0-cil< 2.10.8.1-8+deb7u1libmono-cairo2.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian6allmono-1.0-gac< 2.6.7-5.1+deb6u1mono-1.0-gac_2.6.7-5.1+deb6u1_all.deb
Debian7alllibmono-system-ldap4.0-cil< 2.10.8.1-8+deb7u1libmono-system-ldap4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian6alllibmono-debugger-soft0.0-cil< 2.6.7-5.1+deb6u1libmono-debugger-soft0.0-cil_2.6.7-5.1+deb6u1_all.deb
Debian7alllibmono-microsoft-csharp4.0-cil< 2.10.8.1-8+deb7u1libmono-microsoft-csharp4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian7kfreebsd-amd64mono-jay< 2.10.8.1-8+deb7u1mono-jay_2.10.8.1-8+deb7u1_kfreebsd-amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	mono-2.0-service	< 2.10.8.1-8+deb7u1	mono-2.0-service_2.10.8.1-8+deb7u1_all.deb
Debian	7	all	libmono-simd4.0-cil	< 2.10.8.1-8+deb7u1	libmono-simd4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian	6	all	libmono-ldap1.0-cil	< 2.6.7-5.1+deb6u1	libmono-ldap1.0-cil_2.6.7-5.1+deb6u1_all.deb
Debian	7	all	libmono-messaging2.0-cil	< 2.10.8.1-8+deb7u1	libmono-messaging2.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian	7	all	libmono-cairo2.0-cil	< 2.10.8.1-8+deb7u1	libmono-cairo2.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian	6	all	mono-1.0-gac	< 2.6.7-5.1+deb6u1	mono-1.0-gac_2.6.7-5.1+deb6u1_all.deb
Debian	7	all	libmono-system-ldap4.0-cil	< 2.10.8.1-8+deb7u1	libmono-system-ldap4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian	6	all	libmono-debugger-soft0.0-cil	< 2.6.7-5.1+deb6u1	libmono-debugger-soft0.0-cil_2.6.7-5.1+deb6u1_all.deb
Debian	7	all	libmono-microsoft-csharp4.0-cil	< 2.10.8.1-8+deb7u1	libmono-microsoft-csharp4.0-cil_2.10.8.1-8+deb7u1_all.deb
Debian	7	kfreebsd-amd64	mono-jay	< 2.10.8.1-8+deb7u1	mono-jay_2.10.8.1-8+deb7u1_kfreebsd-amd64.deb