Bug 220853 (CVE-2006-6104)

Summary: CVE-2006-6104 XSP/mod_mono source code disclosure
Product: [Fedora] Fedora
Reporter: Paul F. Johnson <paul>
Component: mono
Assignee: Alexander Larsson <alexl>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: urgent
Version: 6
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: mono-1.1.17.1-4
Doc Type: Bug Fix
Last Closed: 2007-01-15 12:49:07 UTC

Description Paul F. Johnson 2006-12-28 00:03:20 UTC
Description of problem:

http://www.mono-project.com/news/archive/2006/Dec-20.html



A vulnerability, which allows an attacker to retrieve unprocessed web content
(e.g. source code), has been found in XSP.

People already using the latest supported version of Mono, 1.2.2 and 1.1.13.8.2,
are protected against this vulnerability. Other people are encouraged to update
to the latest supported version of Mono. Major distributions have already been
advised and updates should (now or shortly) be available for their supported
versions.

More information can be found here: http://www.mono-project.com/Vulnerabilities. 

Additional info:
Will the version of mono in FC6 be updated in the near future to remove this
problem?

Comment 1 Fedora Update System 2007-01-12 19:42:44 UTC
mono-1.1.17.1-4.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 2 Lubomir Kundrak 2007-01-15 12:49:07 UTC
(In reply to comment #0)
> Will the version of mono in FC6 be updated in the near future to remove this
> problem?

The packages were updated.