Bug 1202869 (CVE-2015-2318, CVE-2015-2319, CVE-2015-2320) - CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 mono: TLS implementation vulnerabilities
Status: NEW
Alias: CVE-2015-2318, CVE-2015-2319, CVE-2015-2320
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: impact=important,public=20150307,repo...
Keywords: Security
Depends On: 1089426 1220138
Reported: 2015-03-17 15:19 UTC by Martin Prpič
Modified: 2019-06-08 20:29 UTC

Description Martin Prpič 2015-03-17 15:19:28 UTC
Three flaws were discovered in Mono's TLS implementation:

A TLS impersonation attack was discovered in Mono's TLS stack by researchers at Inria. During checks on our TLS stack, we have discovered two further issues which we have fixed - SSLv2 support, and vulnerability to FREAK. These vulnerabilities affect basically every Mono version ever released.

This is fixed in Mono version 3.12.1:


Upstream patches:


Additional Information:


Comment 1 Claudio Rodrigo Pereyra DIaz 2015-03-17 18:09:54 UTC
I have a copr repo with 3.12.1 for F20 and F21 {i686,x86_64}
F22 a and rawhide I have some problem compiling the same package.

Copr https://copr.fedoraproject.org/coprs/elsupergomez/mono/

Comment 2 Martin Prpič 2015-03-18 16:06:31 UTC
MITRE assigned CVEs for these flaws in http://seclists.org/oss-sec/2015/q1/869:

Use CVE-2015-2318 for the https://www.smacktls.com SKIP-TLS issue in Mono.

Use CVE-2015-2319 for the https://www.smacktls.com FREAK issue in Mono.

Use CVE-2015-2320 for b371da6b2d68b4cdd0f21d6342af6c42794f998b.
