| Summary: | dev-lang/mono: Binary Planting Vulnerability (CVE-2010-4159) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | dotnet |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/mono/mono/commit/d3985be4e45a001e73fdcc47db190b3df61b2a51 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 352808, 359651 | | |
| Bug Blocks: | | | |

Description
Tim Sammut (RETIRED)
2010-11-15 04:38:21 UTC
Mono 2.8.1 contains this fix and has been released upstream.

But, if we are going to stabilize a newer mono version to fix this one, I would prefer to find time for backporting the patch to mono-2.6 series, since I doubt mono-2.8 is ready to go stable.

Fixed packages have been stabilized via 352808 and, for ppc only, 359651. GLSA Vote: yes.

CVE-2010-4159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4159): Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Vote: YES. Added to pending GLSA request.

This issue was resolved and addressed in GLSA 201206-13 at http://security.gentoo.org/glsa/glsa-201206-13.xml by GLSA coordinator Tobias Heinlein (keytoaster).