Upstream information

CVE-2011-0991 at MITRE

Description

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 667077 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
  • libmoon0 >= 2.4.1-0.5.1
  • moonlight-plugin >= 2.4.1-0.5.1
  • moonlight-tools >= 2.4.1-0.5.1
Builds
SAT Patch Nr: 4246
openSUSE 11.3
  • libmoon0-debuginfo >= 2.4.1-0.2.1
  • moonlight-debugsource >= 2.4.1-0.2.1
  • moonlight-plugin-debuginfo >= 2.4.1-0.2.1
openSUSE 11.3
  • libmoon-devel >= 2.4.1-0.2.1
  • libmoon0 >= 2.4.1-0.2.1
  • moonlight-desktop >= 2.4.1-0.2.1
  • moonlight-desktop-devel >= 2.4.1-0.2.1
  • moonlight-plugin >= 2.4.1-0.2.1
  • moonlight-tools >= 2.4.1-0.2.1
  • moonlight-web-devel >= 2.4.1-0.2.1
openSUSE 11.4
  • libmoon-devel >= 2.4.1-0.3.1
  • libmoon0 >= 2.4.1-0.3.1
  • moonlight-desktop >= 2.4.1-0.3.1
  • moonlight-desktop-devel >= 2.4.1-0.3.1
  • moonlight-plugin >= 2.4.1-0.3.1
  • moonlight-tools >= 2.4.1-0.3.1
  • moonlight-web-devel >= 2.4.1-0.3.1
openSUSE 11.4
  • libmoon-devel >= 2.4.1-0.3.1
  • libmoon0 >= 2.4.1-0.3.1
  • libmoon0-debuginfo >= 2.4.1-0.3.1
  • moonlight-debugsource >= 2.4.1-0.3.1
  • moonlight-desktop >= 2.4.1-0.3.1
  • moonlight-desktop-devel >= 2.4.1-0.3.1
  • moonlight-plugin >= 2.4.1-0.3.1
  • moonlight-plugin-debuginfo >= 2.4.1-0.3.1
  • moonlight-tools >= 2.4.1-0.3.1
  • moonlight-web-devel >= 2.4.1-0.3.1
Patchnames:
libmoon-devel


Status of this issue by product and package

Product(s) Source package State
SUSE Linux Enterprise Desktop 11 SP1 moonlight Released
SUSE Linux Enterprise Desktop 11 SP2 moonlight Released
SUSE Linux Enterprise Desktop 11 SP3 moonlight Released
SUSE Linux Enterprise Desktop 11 SP4 moonlight Released