From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1931-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 08, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : nspr
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1563 CVE-2009-2463
Several vulnerabilities have been discovered in the NetScape Portable
Runtime Library, which may lead to the execution of arbitrary code. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1563
A programming error in the string handling code may lead to the
execution of arbitrary code.
CVE-2009-2463
An integer overflow in the Base64 decoding functions may lead to
the execution of arbitrary code.
The old stable distribution (etch) doesn't contain nspr.
For the stable distribution (lenny), these problems have been fixed in
version 4.7.1-5.
For the unstable distribution (sid) these problems have been fixed in
version 4.8.2-1.
We recommend that you upgrade your NSPR packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1.orig.tar.gz
Size/MD5 checksum: 1258177 55c62ede0e510c6df9bfcc8ac9cffd0c
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.dsc
Size/MD5 checksum: 1133 a0ba001408f4751f3c80f02334e188b1
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.diff.gz
Size/MD5 checksum: 28285 a3240caf8899d497312ae5f915dd353d
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_alpha.deb
Size/MD5 checksum: 145524 a953d83466dc08e5c64f3fac93dcc8c6
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_alpha.deb
Size/MD5 checksum: 284688 29fdeff7a43ac466efd2ddec8497dcde
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_alpha.deb
Size/MD5 checksum: 313328 60eff12d86eef930d01b16ca9bcee432
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_amd64.deb
Size/MD5 checksum: 134452 e8362f7bfb9ad25178fc3b58c8888794
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_amd64.deb
Size/MD5 checksum: 290938 1bda17f94f3e960dcdad04772329ad14
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_amd64.deb
Size/MD5 checksum: 271976 fa0750a3a8762075901a8f06fbf21495
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_arm.deb
Size/MD5 checksum: 276952 6a072a062f7e9c2db1b43338a3955bdc
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_arm.deb
Size/MD5 checksum: 119436 89f1a236d10d78229627fd762bc67a3e
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_arm.deb
Size/MD5 checksum: 255602 9da2dc9c312cf7901f7aeb1f710e507f
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_armel.deb
Size/MD5 checksum: 120734 b71745bf5877be82a349885592037d78
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_armel.deb
Size/MD5 checksum: 282114 cc3def69b457c54f2e13bd6c57090477
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_armel.deb
Size/MD5 checksum: 258072 62328078c188bc87f5039c2e5a9b5674
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_hppa.deb
Size/MD5 checksum: 141442 eec30b4a587f8f93eda26b9376bb34e3
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_hppa.deb
Size/MD5 checksum: 285916 43fac9fb0eaa79036d9b302db5521781
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_hppa.deb
Size/MD5 checksum: 279668 db56b3a1adbdedc308936e6ef50f5260
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_i386.deb
Size/MD5 checksum: 259796 f36c9a52738ee56aedd05e18461e0c1f
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_i386.deb
Size/MD5 checksum: 124188 adff22c50d9a64ed8bf7b6e2c2edc992
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_i386.deb
Size/MD5 checksum: 281648 9896df215653b33de9ce1f8529c1daea
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_ia64.deb
Size/MD5 checksum: 331678 5055f6bcbcbb72a48b9c15f21149fee9
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_ia64.deb
Size/MD5 checksum: 271188 3e12dcca1457d95601c2d4991e9981f9
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_ia64.deb
Size/MD5 checksum: 184152 3575ec187b5219f9c71c6eee5a5474a0
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mips.deb
Size/MD5 checksum: 296890 5f45b168d496b884c79bfb5c46462d5f
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mips.deb
Size/MD5 checksum: 279162 0b5e93aabae4bfc387c7093153abbec2
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mips.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)