About Ubuntu

=========================================================== Ubuntu Security Notice USN-397-1 December 20, 2006 mono vulnerability CVE-2006-6104 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mono-classlib-1.0 1.1.13.6-0ubuntu3.2 mono-classlib-2.0 1.1.13.6-0ubuntu3.2 Ubuntu 6.10: libmono-system-web1.0-cil 1.1.17.1-1ubuntu7.1 libmono-system-web2.0-cil 1.1.17.1-1ubuntu7.1 After a standard system upgrade you need to restart any mono web applications to effect the necessary changes. Details follow: Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.