Lucene search
GoogleOSV:DLA-176-1HistoryMar 19, 2015 - 12:00 a.m.
mono - security update
2015-03-1900:00:00
Google
osv.dev
8
0.015 Low
EPSS
Percentile
87.2%
Three issues with Mono’s TLS stack are addressed.
- CVE-2015-2318
Mono’s implementation of the SSL/TLS stack failed to check
the order of the handshake messages. Which would allow
various attacks on the protocol to succeed. (“SKIP-TLS”) - CVE-2015-2319
Mono’s implementation of SSL/TLS also contained support for
the weak EXPORT cyphers and was susceptible to the FREAK attack. - CVE-2015-2320
Mono contained SSLv2 fallback code, which is no longer needed
and can be considered insecure.
For Debian 6 Squeeze, these issues have been fixed in mono version 2.6.7-5.1+deb6u1
References
Related
securityvulns
securityvulns
[SECURITY] [DSA 3202-1] mono security update
2015-05-11 00:00:00
mono security vulnerabilities
2015-05-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-176-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3202-1)
2015-03-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0841-1)
2021-06-09 00:00:00
nessus
nessus
Debian DSA-3202-1 : mono - security update
2015-03-24 00:00:00
Debian DLA-176-1 : mono security update
2015-03-26 00:00:00
SuSE 11.3 Security Update : Mono (SAT Patch Number 10497)
2015-05-11 00:00:00
osv
osv
mono - security update
2015-03-22 00:00:00
debian
debian
[SECURITY] [DSA 3202-1] mono security update
2015-03-22 16:33:03
[SECURITY] [DLA 176-1] mono security update
2015-03-19 12:40:55
[SECURITY] [DSA 3202-1] mono security update
2015-03-22 16:33:03
mageia
mageia
Updated mono packages fix security vulnerabilities
2015-04-15 19:07:57
ubuntu
ubuntu
Mono vulnerabilities
2015-03-24 00:00:00
cve
cve
prion
prion
Design/Logic Flaw
2018-01-08 19:29:00
Design/Logic Flaw
2018-01-08 19:29:00
Design/Logic Flaw
2018-01-08 19:29:00
cvelist
cvelist
ubuntucve
ubuntucve
debiancve
debiancve
nvd
nvd