CVE-2011-0989
First published: Fri Apr 08 2011(Updated: )
It was reported [1] that threads in Mono were not properly cleaned up upon finalization, so if one thread was resurrected, it would be possible to see the pointer to freed memory. This could lead to unintended information disclosure, and possibly a crash. This has been corrected upstream [2]. [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=678515">https://bugzilla.novell.com/show_bug.cgi?id=678515</a> [2] <a href="https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91">https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell Moonlight | =3.0 | |
| Novell Moonlight | =2.4 | |
| Novell Moonlight | =2.31 | |
| Novell Moonlight | =3.99 | |
| Mono Mono | ||
| Novell Moonlight | =2.3.0 | |
| Novell Moonlight | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/44002
- https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e
- http://www.vupen.com/english/advisories/2011/0904
- http://www.securityfocus.com/bid/47208
- http://openwall.com/lists/oss-security/2011/04/06/14
- https://bugzilla.novell.com/show_bug.cgi?id=667077
- http://www.mono-project.com/Vulnerabilities
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html
- http://secunia.com/advisories/44076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66624
- https://bugzilla.novell.com/show_bug.cgi?id=678515
- https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=694934
- https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c
- https://bugzilla.novell.com/show_bug.cgi?id=660422
- https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a
- https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c
- https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=694933
- https://bugzilla.redhat.com/show_bug.cgi?id=694933
- collector/nvd-historical
- collector/nvd-index
- agent/event
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0989
- vendor/novell
- canonical/novell moonlight
- version/novell moonlight/3.0
- version/novell moonlight/2.4
- version/novell moonlight/2.31
- version/novell moonlight/3.99
- vendor/mono
- canonical/mono mono
- version/novell moonlight/2.3.0
- version/novell moonlight/2.0