SUSE.Security.Update.for.Mono.SUSE-SU-2012-0928-1
Description
Mono is primarily developed on Linux, and most of its users are Linux users, so Linux is its best-supported platform. Mono on Linux supports a number of Linux-specific optimizations.
SUSE released update packages that fixed the following vulnerability:
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. (CVE-2012-3382)
Affected Products
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
Impact
The vulnerability could allow remote attackers to inject arbitrary web script or HTML.
Recommended Actions
Please download and apply patches as instructed in https://www.suse.com/support/update/announcement/2012/suse-su-20120928-1.html.