SuSE 10 Security Update : Mono (ZYPP Patch Number 6353)
High Nessus Plugin ID 41481
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThe XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents.
SolutionApply ZYPP patch number 6353.