About Ubuntu

=========================================================== Ubuntu Security Notice USN-357-1 October 04, 2006 mono vulnerability CVE-2006-5072 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: mono-classlib-1.0 1.1.8.3-1ubuntu2.1 mono-classlib-2.0 1.1.8.3-1ubuntu2.1 Ubuntu 6.06 LTS: mono-classlib-1.0 1.1.13.6-0ubuntu3.1 mono-classlib-2.0 1.1.13.6-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.