Medium Nessus Plugin ID 24450
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:073 (mono-core).
Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method.
This is tracked by the Mitre CVE ID CVE-2006-5072.
Packages for all affected distributions were released on November 10th, and for SLE 10 on November 27th.