MDVSA-2009:268 -- Mandriva mono
|ID: oval:org.secpod.oval:def:300749||Date: (C)2012-01-07 (M)2017-10-04|
|Class: PATCH||Family: unix|
Multiple vulnerabilities has been found and corrected in mono: Multiple cross-site scripting vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to HtmlControl.cs , HtmlForm.cs , HtmlInputButton , HtmlInputRadioButton , and HtmlSelect . The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation . This update fixes these vulnerabilities.
|Mandriva Linux 2009.0|
|Mandriva Linux 2008.1|