oss-sec mailing list archives
Moonlight release 2.4.1 with security fixes
From: Marcus Meissner <meissner () suse de>
Date: Wed, 6 Apr 2011 20:06:51 +0200
Hi, The Novell Mono developers are just releasing Moonlight (the Mono Silverlight equivalent) security updates for several critical issues. The first 3 issues were reported to the Mono team by Jeroen Frijters (http://www.ikvm.net/). The fixed versions is 2.4.1 for the 2.4 branch and 3.99.3 for the 3.99 (Moonlight 4 preview) branch. The main Novell tracker bug for this update: https://bugzilla.novell.com/show_bug.cgi?id=667077 CVE-2011-0989: modification of read-only values via RuntimeHelpers.InitializeArray https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e The modification of read-only variables (e.g. from outside the sandbox) could be used for breaking out of the moonlight sandboxing. CVE-2011-0990: buffer overflow due to race condition in in Array.FastCopy https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c Similar to the above, an array element could be changed to a privileged read-only element which would then be overwritten. (So not a lowlevel buffer overflow, but a sandboxing violation/break out.) CVE-2011-0991: use-after-free due to DynamicMethod resurrection https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0 https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c Also fixed in this update: CVE-2011-0992: information leak due to improper thread finalization https://bugzilla.novell.com/show_bug.cgi?id=678515 https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91 Ciao, Marcus
Current thread:
- Moonlight release 2.4.1 with security fixes Marcus Meissner (Apr 06)