From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2027-1                   [email protected]
http://www.debian.org/security/                      Moritz Muehlenhoff
April 03, 2010                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2010-0174

    Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout
    engine, which might allow the execution of arbitrary code.

CVE-2010-0175

    It was discovered that incorrect memory handling in the XUL event
    handler might allow the execution of arbitrary code.

CVE-2010-0176

    It was discovered that incorrect memory handling in the XUL event
    handler might allow the execution of arbitrary code.

CVE-2010-0177

    It was discovered that incorrect memory handling in the plugin code
    might allow the execution of arbitrary code.

CVE-2010-0178

    Paul Stone discovered that forced drag-and-drop events could lead to
    Chrome privilege escalation.

CVE-2010-0179

    It was discovered that a programming error in the XMLHttpRequestSpy
    module could lead to the execution of arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]