Three issues with Mono’s TLS stack are addressed.
- CVE-2015-2318
Mono’s implementation of the SSL/TLS stack failed to check
the order of the handshake messages. Which would allow
various attacks on the protocol to succeed. (“SKIP-TLS”)
- CVE-2015-2319
Mono’s implementation of SSL/TLS also contained support for
the weak EXPORT cyphers and was susceptible to the FREAK attack.
- CVE-2015-2320
Mono contained SSLv2 fallback code, which is no longer needed
and can be considered insecure.
For Debian 6 Squeeze, these issues have been fixed in mono version 2.6.7-5.1+deb6u1