Ubuntu Security Notice USN-357-1
4th October, 2006
mono vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
Details
Sebastian Krahmer of the SuSE security team discovered that the
System.CodeDom.Compiler classes used temporary files in an insecure
way. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the program.
Under some circumstances, a local attacker could also exploit this to
inject arbitrary code into running Mono processes.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- mono-classlib-2.0 1.1.13.6-0ubuntu3.1
- mono-classlib-1.0 1.1.13.6-0ubuntu3.1
- Ubuntu 5.10:
- mono-classlib-2.0 1.1.8.3-1ubuntu2.1
- mono-classlib-1.0 1.1.8.3-1ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.