ESB-2007.0860 -- [Win][UNIX/Linux][Debian] -- New mono packages fix integer overflow

Date: 05 November 2007

             AUSCERT External Security Bulletin Redistribution

                ESB-2007.0860 -- [Win][UNIX/Linux][Debian]
                  New mono packages fix integer overflow
                              5 November 2007


        AusCERT Security Bulletin Summary

Product:              mono
Publisher:            Debian
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Debian GNU/Linux 4.0
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-5197

Original Bulletin:

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running mono check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 1397-1                                   Moritz Muehlenhoff
November 3rd, 2007            
--------------------------------------------------------------------------

Package        : mono
Vulnerability  : integer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CVE-2007-5197

An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.

The oldstable distribution (sarge) doesn't contain mono.

For the stable distribution (etch) this problem has been fixed in
version A powerpc build will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your mono packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

  Source archives:

  Architecture independent components:

  AMD64 architecture:

  ARM architecture:

  Intel IA-32 architecture:

  Intel IA-64 architecture:

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>


--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.