Ubuntu Security Notice USN-357-1
4th October, 2006
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
Sebastian Krahmer of the SuSE security team discovered that the
System.CodeDom.Compiler classes used temporary files in an insecure
way. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the program.
Under some circumstances, a local attacker could also exploit this to
inject arbitrary code into running Mono processes.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- mono-classlib-2.0 126.96.36.199-0ubuntu3.1
- mono-classlib-1.0 188.8.131.52-0ubuntu3.1
- Ubuntu 5.10:
- mono-classlib-2.0 184.108.40.206-1ubuntu2.1
- mono-classlib-1.0 220.127.116.11-1ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the