MDVSA-2009:268 -- Mandriva monoID: oval:org.secpod.oval:def:300749 | Date: (C)2012-01-07 (M)2022-03-02 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in mono: Multiple cross-site scripting vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to HtmlControl.cs , HtmlForm.cs , HtmlInputButton , HtmlInputRadioButton , and HtmlSelect . The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation . This update fixes these vulnerabilities.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |