From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1751-1                      [email protected]
http://www.debian.org/security/                       Moritz Muehlenhoff
March 22, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-0771

    Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes
    in the layout engine, which might allow the execution of arbitrary
    code.

CVE-2009-0772

    Jesse Ruderman discovered crashes in the layout engine, which
    might allow the execution of arbitrary code.

CVE-2009-0773

    Gary Kwong and Timothee Groleau discovered crashes in the
    JavaScript engine, which might allow the execution of arbitrary code.

CVE-2009-0774

    Gary Kwong discovered crashes in the JavaScript engine, which
    might allow the execution of arbitrary code.

CVE-2009-0775

    It was discovered that incorrect memory management in the DOM
    element handling may lead to the execution of arbitrary code.

CVE-2009-0776

    Georgi Guninski discovered a violation of the same-origin policy
    through RDFXMLDataSource and cross-domain redirects.

For the stable distribution (lenny), these problems have been fixed
in version 1.9.0.7-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.7-1.

We recommend that you upgrade your xulrunner packages.
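
An added example (not part of the advisory or of Debian's tooling): a shell check that flags xulrunner binary packages older than the lenny fix version 1.9.0.7-0lenny1 given above, using `dpkg --compare-versions`. The function names and the sample inventory are constructed for illustration; the package names are those of the advisory's package files.

```shell
#!/bin/sh
# Added example, not part of DSA-1751-1.
FIXED_LENNY="1.9.0.7-0lenny1"   # fixed version for stable (lenny), from the advisory

# Binary packages built from the xulrunner source, named as in the
# advisory's package files.
XUL_PKGS="xulrunner-1.9 xulrunner-1.9-gnome-support xulrunner-1.9-dbg
xulrunner-dev libmozjs1d libmozjs1d-dbg libmozjs-dev python-xpcom
spidermonkey-bin libmozillainterfaces-java"

# is_xul_pkg NAME: succeeds if NAME is one of the affected binary packages.
is_xul_pkg() {
    for p in $XUL_PKGS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# audit_inventory FIXED: reads "package version" lines on stdin, prints each
# affected package whose version sorts before FIXED under Debian version
# ordering, and returns 1 if any such package was found (0 otherwise).
audit_inventory() {
    fixed=$1
    status=0
    while read -r pkg ver; do
        is_xul_pkg "$pkg" || continue      # unrelated package: ignore
        [ -n "$ver" ] || continue          # known to dpkg but not installed
        if dpkg --compare-versions "$ver" lt "$fixed"; then
            printf '%s %s is older than %s\n' "$pkg" "$ver" "$fixed"
            status=1
        fi
    done
    return $status
}

# Constructed sample in the "package version" form printed by:
#   dpkg-query -W -f='${Package} ${Version}\n'
sample_inventory() {
    cat <<'EOF'
xulrunner-1.9 1.9.0.6-1
libmozjs1d 1.9.0.7-0lenny1
python-xpcom 1.9.0.7-1
gzip 1.3.12-6
EOF
}

# Run the constructed sample with: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_inventory | audit_inventory "$FIXED_LENNY"
fi
```

On a real host, pipe the `dpkg-query` command from the comment into `audit_inventory "$FIXED_LENNY"`; a non-zero exit status means at least one xulrunner package still predates the fix.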
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]