Related Vulnerabilities: CVE-2007-5197

An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono. The oldstable distribution (sarge) doesn't contain mono. For the stable distribution (etch) this problem has been fixed in version 1.2.2.1-1etch1. A powerpc build will be provided later. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your mono packages.

Source

Debian Security Advisory

DSA-1397-1 mono -- integer overflow

Date Reported:

03 Nov 2007

Affected Packages:

mono

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2007-5197.

More information:

An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

The oldstable distribution (sarge) doesn't contain mono.

For the stable distribution (etch) this problem has been fixed in version 1.2.2.1-1etch4. A powerpc build will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your mono packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:: http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4.dsc; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4.diff.gz; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.1-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.2-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-c5-1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-cairo1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-cairo2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-corlib1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-corlib2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd7.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd8.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-firebirdsql1.7-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-ldap1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-ldap2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft-build2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft7.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft8.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-oracle1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-oracle2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-peapi1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-peapi2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-security1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-security2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.6-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.84-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.6-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.84-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-data1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-data2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-web1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system-web2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-system2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-winforms1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono-winforms2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono1.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/libmono2.0-cil_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/mono-gac_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/mono-gmcs_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/mono-mcs_1.2.2.1-1etch4_all.deb; http://security.debian.org/pool/updates/main/m/mono/mono-mjs_1.2.2.1-1etch4_all.deb
AMD64:: http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch4_amd64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch4_arm.deb; http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch4_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch4_i386.deb; http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch4_ia64.deb; http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch4_ia64.deb

MD5 checksums of the listed files are available in the original advisory.

DSA-1397-1 mono -- integer overflow

Debian Security Advisory

DSA-1397-1 mono -- integer overflow

Debian GNU/Linux 4.0 (etch)

Vulmon Search

About

Products

Connect