SUSE.Security.Update.for.Mono.SUSE-SU-2012-0928-1

Description

Mono is primarily developed on Linux, and most of its users run Linux, so Linux is its best-supported platform. Mono on Linux supports a number of Linux-specific optimizations.
SUSE released update packages that fixed the following vulnerability:
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. (CVE-2012-3382)
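
The class of flaw described above, shown as an added C# illustration that is not Mono's source code or the SUSE patch: an error page that echoes the requested file name unencoded, next to a version that HTML-encodes it at output. `ForbiddenPageExample`, its methods, the message wording and the sample path are hypothetical.

```csharp
using System;
using System.Net;

// Hypothetical stand-in for a "forbidden extension" error page builder.
static class ForbiddenPageExample
{
    // Last segment of the already URL-decoded request path,
    // i.e. the file name chosen by the client.
    static string FileName(string requestPath)
    {
        int slash = requestPath.LastIndexOf('/');
        return slash < 0 ? requestPath : requestPath.Substring(slash + 1);
    }

    // Weak form: the file name is concatenated into the HTML body as-is,
    // so markup contained in the name becomes part of the page.
    public static string BuildUnencoded(string requestPath)
    {
        return "<p>The file '" + FileName(requestPath) +
               "' has a forbidden extension and is not served.</p>";
    }

    // Hardened form: the client-controlled value is HTML-encoded
    // at the point where it is written into the response.
    public static string BuildEncoded(string requestPath)
    {
        return "<p>The file '" + WebUtility.HtmlEncode(FileName(requestPath)) +
               "' has a forbidden extension and is not served.</p>";
    }

    static void Main()
    {
        // Constructed sample: harmless markup in the name, forbidden extension.
        string path = "/app/<em>report.config";

        Console.WriteLine("unencoded: " + BuildUnencoded(path));
        Console.WriteLine("encoded:   " + BuildEncoded(path));

        // Regression check: the encoded page must not carry the raw name.
        bool rawNamePresent = BuildEncoded(path).Contains(FileName(path));
        Console.WriteLine("raw name present after encoding: " + rawNamePresent);
    }
}
```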

Affected Products

SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2

Impact

The vulnerability could allow remote attackers to inject arbitrary web script or HTML.

Recommended Actions

Please download and apply patches as instructed in https://www.suse.com/support/update/announcement/2012/suse-su-20120928-1.html.

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)