FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mono -- TLS bugs

Affected packages
mono < 3.10.1
3.12 <= mono < 3.12.1

Details

VuXML ID c0cae920-c4e9-11e4-898e-90e6ba741e35
Discovery 2015-03-06
Entry 2015-03-07

The Mono project reports:

Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post.

Mono’s implementation of SSL/TLS also contained support for the weak EXPORT cyphers and was susceptible to the FREAK attack.

References

URL http://www.mono-project.com/docs/about-mono/vulnerabilities/#tls-bugs