[SECURITY] [DLA 176-1] mono security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package : mono
Version : 2.6.7-5.1+deb6u1
CVE ID : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Debian Bug : 780751
Three issues with Mono's TLS stack are addressed.
CVE-2015-2318
Mono's implementation of the SSL/TLS stack failed to check
the order of the handshake messages. Which would allow
various attacks on the protocol to succeed. ("SKIP-TLS")
CVE-2015-2319
Mono's implementation of SSL/TLS also contained support for
the weak EXPORT cyphers and was susceptible to the FREAK attack.
CVE-2015-2320
Mono contained SSLv2 fallback code, which is no longer needed
and can be considered insecure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVCsPXAAoJEMkPnLkOH60M8O0H/2RaOp9C6MdbkQ3/IQlnpxLb
4WcRqC5egZighpY9SOL+wq2Z3jK0eQ/FPZsASricjGolxH0jiIKmUk0IY+Rbo1MN
GrT8Df2bMDfGzk9tO4sGEB9IHSEvvWVna04Ix+I33cx5aPhAwqJE5/WLi8WKkkup
2ZHZ2xLuHdHQWPTS6VJ8yJbHseC7GlaeiPkP+oFRXi4HkW5wdGHx7Hpxyvv9CLYP
wsJGTlcfRP+nQoxs3N8XbbSyBRXb65f0Eng82TmlcBfz2DwhFKQTToAwOgAi3w+y
ZhviQGclF3cEBpwLJoontkjMd9frnu50xCl03dTw8eHdBC+B8WtPW3FJJ6YqBA0=
=W3JB
-----END PGP SIGNATURE-----
Reply to: