Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method.
There is no known workaround, please install the update packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Novell Open Enterprise Server (OES) | any | i586 | mono-core | < 1.1.7.7-0.11 | mono-core-1.1.7.7-0.11.i586.rpm |
openSUSE | 10.0 | i586 | mono-data-postgresql | < 1.1.8.3-6.3 | mono-data-postgresql-1.1.8.3-6.3.i586.rpm |
openSUSE | 9.3 | x86_64 | mono-data-postgresql | < 1.1.4-15.2 | mono-data-postgresql-1.1.4-15.2.x86_64.rpm |
SUSE Linux Enterprise SDK | 10 | x86_64 | mono-web | < 1.1.13.8-2.10 | mono-web-1.1.13.8-2.10.x86_64.rpm |
openSUSE | 10.0 | i586 | mono-devel | < 1.1.8.3-6.3 | mono-devel-1.1.8.3-6.3.i586.rpm |
SUSE Linux Enterprise SDK | 10 | s390x | mono-nunit | < 1.1.13.8-2.10 | mono-nunit-1.1.13.8-2.10.s390x.rpm |
openSUSE | 10.0 | ppc | mono-data-postgresql | < 1.1.8.3-6.3 | mono-data-postgresql-1.1.8.3-6.3.ppc.rpm |
openSUSE | 10.1 | i586 | mono-winforms | < 1.1.13.8-2.10 | mono-winforms-1.1.13.8-2.10.i586.rpm |
openSUSE | 10.1 | i586 | mono-web | < 1.1.13.8-2.10 | mono-web-1.1.13.8-2.10.i586.rpm |
SUSE Linux Enterprise Server | 10 | x86_64 | mono-nunit | < 1.1.13.8-2.10 | mono-nunit-1.1.13.8-2.10.x86_64.rpm |