[SECURITY] [DLA 176-1] mono security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 176-1] mono security update
From: Jo Shields <directhex@apebox.org>
Date: Thu, 19 Mar 2015 12:40:55 +0000
Message-id: <[🔎] 550AC3D7.6000104@apebox.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : mono
Version        : 2.6.7-5.1+deb6u1
CVE ID         : CVE-2015-2318 CVE-2015-2319 CVE-2015-2320
Debian Bug     : 780751

Three issues with Mono's TLS stack are addressed.

CVE-2015-2318

    Mono's implementation of the SSL/TLS stack failed to check
    the order of the handshake messages. Which would allow
    various attacks on the protocol to succeed. ("SKIP-TLS")

CVE-2015-2319

    Mono's implementation of SSL/TLS also contained support for
    the weak EXPORT cyphers and was susceptible to the FREAK attack.

CVE-2015-2320

    Mono contained SSLv2 fallback code, which is no longer needed
    and can be considered insecure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVCsPXAAoJEMkPnLkOH60M8O0H/2RaOp9C6MdbkQ3/IQlnpxLb
4WcRqC5egZighpY9SOL+wq2Z3jK0eQ/FPZsASricjGolxH0jiIKmUk0IY+Rbo1MN
GrT8Df2bMDfGzk9tO4sGEB9IHSEvvWVna04Ix+I33cx5aPhAwqJE5/WLi8WKkkup
2ZHZ2xLuHdHQWPTS6VJ8yJbHseC7GlaeiPkP+oFRXi4HkW5wdGHx7Hpxyvv9CLYP
wsJGTlcfRP+nQoxs3N8XbbSyBRXb65f0Eng82TmlcBfz2DwhFKQTToAwOgAi3w+y
ZhviQGclF3cEBpwLJoontkjMd9frnu50xCl03dTw8eHdBC+B8WtPW3FJJ6YqBA0=
=W3JB
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 175-1] gnupg security update
Next by Date: [SECURITY] [DLA 177-1] openssl security update
Previous by thread: [SECURITY] [DLA 175-1] gnupg security update
Next by thread: [SECURITY] [DLA 177-1] openssl security update
Index(es):
- Date
- Thread