Bug 220853 - (CVE-2006-6104) CVE-2006-6104 XSP/mod_mono source code disclosure
CVE-2006-6104 XSP/mod_mono source code disclosure
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: mono (Show other bugs)
6
All Linux
urgent Severity medium
: ---
: ---
Assigned To: Alexander Larsson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-27 19:03 EST by Paul F. Johnson
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: mono-1.1.17.1-4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-15 07:49:07 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul F. Johnson 2006-12-27 19:03:20 EST
Description of problem:

http://www.mono-project.com/news/archive/2006/Dec-20.html



A vulnerability, which allows an attacker to retrieve unprocessed web content
(e.g. source code), has been found in XSP.

People already using the latest supported version of Mono, 1.2.2 and 1.1.13.8.2,
are protected against this vulnerability. Other people are encouraged to update
to the latest supported version of Mono. Major distributions have already been
advised and updates should (now or shortly) be available for their supported
versions.

More information can be found here: http://www.mono-project.com/Vulnerabilities. 

Additional info:
Will the version of mono in FC6 be updated in the near future to remove this
problem?
Comment 1 Fedora Update System 2007-01-12 14:42:44 EST
mono-1.1.17.1-4.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 2 Lubomir Kundrak 2007-01-15 07:49:07 EST
(In reply to comment #0)
> Will the version of mono in FC6 be updated in the near future to remove this
> problem?

The packages were updated.

Note You need to log in before you can comment on or make changes to this bug.