Three flaws were discovered in Mono's TLS implementation: A TLS impersonation attack was discovered in Mono's TLS stack by researchers at Inria. During checks on our TLS stack, we have discovered two further issues which we have fixed - SSLv2 support, and vulnerability to FREAK. These vulnerabilities affect basically every Mono version ever released. This is fixed in Mono version 3.12.1: http://download.mono-project.com/sources/mono/mono-3.12.1.tar.bz2 Upstream patches: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4 https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10 https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b Additional Information: http://seclists.org/oss-sec/2015/q1/772
I have a copr repo with 3.12.1 for F20 and F21 {i686,x86_64} F22 a and rawhide I have some problem compiling the same package. Copr https://copr.fedoraproject.org/coprs/elsupergomez/mono/
MITRE assigned CVEs for these flaws in http://seclists.org/oss-sec/2015/q1/869: Use CVE-2015-2318 for the https://www.smacktls.com SKIP-TLS issue in Mono. Use CVE-2015-2319 for the https://www.smacktls.com FREAK issue in Mono. Use CVE-2015-2320 for b371da6b2d68b4cdd0f21d6342af6c42794f998b.