Key vulnerability information

1. String-to-double parser bug
   CVE: CVE-2009-0689
   Description: Mono's string-to-double parser may crash on specially crafted input, potentially leading to arbitrary code execution.
   Affected Versions: All versions prior to 4.2.0.179
   Fixed Versions: 3.10.0-0xamarin4, 3.12.1-0xamarin2, 3.8.0-0xamarin3, 4.0.5.1-0xamarin2 packages in our Debian security repositories.

2. TLS bugs
   CVEs: CVE-2015-2318, CVE-2015-2319, CVE-2015-2320
   Description: Mono's SSL/TLS implementation failed to check the order of the handshake messages and supported weak EXPORT ciphers, allowing various attacks.
   Affected Versions: All Mono versions before March 6th, 2015.
   Fixed Versions: Mono 3.10.1, Mono 3.12.1, Mono 4.0.0

3. Moonlight RuntimeHelpers.InitializeArray on non-primitive value types
   CVE: CVE-2011-0989
   Description: Missing validation on RuntimeHelpers.InitializeArray can allow untrusted code to modify internal structures, leading to plugin crashes and possible corruption of Moonlight's security manager.
   Affected Versions: Moonlight 2.x, Moonlight 3.x previews
   Fixed Versions: Moonlight 2.4.1, Moonlight 3.99 preview 3

4. Moonlight Race in Array.Copy "FastCopy" Internal Call
   CVE: CVE-2011-0990
   Description: Race condition in the internal call implementing a fast-copy optimization for Array.Copy can allow untrusted code to modify internal structures, leading to plugin crashes and possible corruption of Moonlight's security manager.
   Affected Versions: Moonlight 2.x, Moonlight 3.x previews
   Fixed Versions: Moonlight 2.4.1, Moonlight 3.99 preview 3

5. Moonlight DynamicMethod Resurrection
   CVE: CVE-2011-0991
   Description: DynamicMethod instances could be finalized, freeing their data, then resurrected, leading to use-after-free of their data.
   Affected Versions: Moonlight 2.x, Moonlight 3.x previews
   Fixed Versions: Moonlight 2.4.1, Moonlight 3.99 preview 3

6. XSP/mod_mono source code disclosure
   CVE: CVE-2010-4225
   Description: An unloading bug can, under some circumstances, let ASP.NET applications misbehave and return the source code (.aspx) of the application or any other file in the web application directory.
   Affected Versions: Mono / XSP / mod_mono 2.8.x
   Fixed Versions: Mono / XSP / mod_mono 2.8.2