CVE-2011-0992 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0992): Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. CVE-2011-0991 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0991): Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. CVE-2011-0990 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0990): Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. CVE-2011-0989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0989): The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. CVE-2010-4254 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4254): Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
www-plugins/moonlight is hardmasked
Is mono-2.10.2 affected also?
(In reply to comment #2) > Is mono-2.10.2 affected also? I looked at the commits and believe 2.10.2 has these fixes: https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0 https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac but not this fix: https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Am I close? ;)
Yes, last one is the needed: +*mono-2.10.2-r1 (04 Jul 2011) + + 04 Jul 2011; Pacho Ramos <pacho@gentoo.org> -files/mono-2.2-libdir126.patch, + -files/mono-2.2-ppc-threading.patch, -files/mono-2.2-uselibdir.patch, + -files/mono-2.6.4-require-glib.patch, -mono-2.6.7.ebuild, + -files/mono-2.8.1-radegast-crash.patch, -mono-2.8.2-r1.ebuild, + -files/mono-2.8-libdir.patch, -mono-2.10.1-r1.ebuild, + -files/mono-2.10.1-libdir.patch, +mono-2.10.2-r1.ebuild, + +files/mono-2.10.2-threads-access.patch: + Fix security problem, bug #372983 by Tim Sammut. Remove old. + Feel free to add arches when you prefer, it looks to work ok for me
Arches, please test and mark stable: =dev-lang/mono-2.10.2-r1 Target keywords : "amd64 ppc x86"
amd64 ok
x86 stable. Thanks
amd64 all ok
amd64 done. Thanks Agostino and Ian
ppc stable, last arch done
Thanks, everyone. GLSA request filed.
This issue was resolved and addressed in GLSA 201206-13 at http://security.gentoo.org/glsa/glsa-201206-13.xml by GLSA coordinator Tobias Heinlein (keytoaster).
