{"affected":[{"ecosystem_specific":{"binaries":[{"bytefx-data-mysql":"2.6.7-0.18.1","mono-core":"2.6.7-0.18.1","mono-data":"2.6.7-0.18.1","mono-data-firebird":"2.6.7-0.18.1","mono-data-oracle":"2.6.7-0.18.1","mono-data-postgresql":"2.6.7-0.18.1","mono-data-sqlite":"2.6.7-0.18.1","mono-data-sybase":"2.6.7-0.18.1","mono-devel":"2.6.7-0.18.1","mono-extras":"2.6.7-0.18.1","mono-jscript":"2.6.7-0.18.1","mono-locale-extras":"2.6.7-0.18.1","mono-nunit":"2.6.7-0.18.1","mono-wcf":"2.6.7-0.18.1","mono-web":"2.6.7-0.18.1","mono-winforms":"2.6.7-0.18.1","mono-winfxcore":"2.6.7-0.18.1","monodoc-core":"2.6.7-0.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"mono-core","purl":"pkg:rpm/suse/mono-core&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.7-0.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mono-core":"2.6.7-0.18.1","mono-data":"2.6.7-0.18.1","mono-data-postgresql":"2.6.7-0.18.1","mono-data-sqlite":"2.6.7-0.18.1","mono-locale-extras":"2.6.7-0.18.1","mono-nunit":"2.6.7-0.18.1","mono-web":"2.6.7-0.18.1","mono-winforms":"2.6.7-0.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","name":"mono-core","purl":"pkg:rpm/suse/mono-core&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.7-0.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mono-core":"2.6.7-0.18.1","mono-data":"2.6.7-0.18.1","mono-data-postgresql":"2.6.7-0.18.1","mono-data-sqlite":"2.6.7-0.18.1","mono-locale-extras":"2.6.7-0.18.1","mono-nunit":"2.6.7-0.18.1","mono-web":"2.6.7-0.18.1","mono-winforms":"2.6.7-0.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","name":"mono-core","purl":"pkg:rpm/suse/mono-core&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.7-0.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mono-core":"2.6.7-0.18.1","mono-data":"2.6.7-0.18.1","mono-data-postgresql":"2.6.7-0.18.1","mono-data-sqlite":"2.6.7-0.18.1","mono-locale-extras":"2.6.7-0.18.1","mono-nunit":"2.6.7-0.18.1","mono-web":"2.6.7-0.18.1","mono-winforms":"2.6.7-0.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"mono-core","purl":"pkg:rpm/suse/mono-core&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.7-0.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mono-core":"2.6.7-0.18.1","mono-data":"2.6.7-0.18.1","mono-data-postgresql":"2.6.7-0.18.1","mono-data-sqlite":"2.6.7-0.18.1","mono-locale-extras":"2.6.7-0.18.1","mono-nunit":"2.6.7-0.18.1","mono-web":"2.6.7-0.18.1","mono-winforms":"2.6.7-0.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"mono-core","purl":"pkg:rpm/suse/mono-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.7-0.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nmono-core was updated to fix the following vulnerabilities:\n\n- CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary\n  code execution through the string-to-double parser implementation. (bsc#958097)\n- CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU\n  consumption due to lack of protection against predictable hash collisions when processing\n  form parameters. (bsc#739119)\n","id":"SUSE-SU-2016:2958-1","modified":"2016-12-01T09:31:59Z","published":"2016-12-01T09:31:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162958-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/739119"},{"type":"REPORT","url":"https://bugzilla.suse.com/958097"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2009-0689"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2012-3543"}],"related":["CVE-2009-0689","CVE-2012-3543"],"summary":"Security update for mono-core","upstream":["CVE-2009-0689","CVE-2012-3543"]}