Red Hat Bugzilla – Bug 367471
CVE-2007-5197: mono Math.BigInteger buffer overflow
Last modified: 2007-12-20 07:01:33 EST
"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."
Patch extracted from Debian's 220.127.116.11-1etch1 patchkit (attached) seems to apply
to 18.104.22.168 in devel with some line offsets, I have done no further analysis.
Created attachment 248611 [details]
Patch from Debian
Gentoo also has a patch, maybe a different one
mono-22.214.171.124-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Alex: I'd urge this a bit. When are f6 and f7 versions likely to hit the
repositories? (I've noticed there was some issue with libs on 64 bit platforms..?)
mono-1.2.3-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.