In association with heise online

10 January 2011, 11:04

Mono developers close security hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Mono Logo A flaw in the web server components of the free Mono .NET clone potentially allows ASP.NET applications to supply source code or other files from the web server's application directory. Mono 2.8.2 fixes this as yet unexplained bug. Affected components on the project's vulnerability list include the XSP web server and the mod_mono Apache module. Both of these execute ASP.NET code.

Another security patch fixes a flaw that allows Silverlight applications to execute arbitrary code when running in a security manager. Versions 2 and 3 (beta) of the Moonlight Silverlight implementation are affected.

Further information about the update can be found in the release notes. Mono 2.8.2 is available for Linux, Windows, Mac OS X and other operating systems from the project's download page.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1166254
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit