From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2064-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2010-0183
"wushi" discovered that incorrect pointer handling in the frame
processing code could lead to the execution of arbitrary code.
CVE-2010-1196
"Nils" discovered that an integer overflow in DOM node parsing could
lead to the execution of arbitrary code.
CVE-2010-1197
Ilja von Sprundel discovered that incorrect parsing of
Content-Disposition headers could lead to cross-site scripting.
CVE-2010-1198
Microsoft engineers discovered that incorrect memory handling in the
interaction of browser plugins could lead to the execution of
arbitrary code.
CVE-2010-1199
Martin Barbella discovered that an integer overflow in XSLT node
parsing could lead to the execution of arbitrary code.
CVE-2010-1200
Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben
Turner, Jonathan Kew and David Humphrey discovered crashes in the
layout engine, which might allow the execution of arbitrary code.
CVE-2010-1201
"boardraider" and "stedenon" discovered crashes in the layout engine,
which might allow the execution of arbitrary code.
CVE-2010-1202
Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes
in the Javascript engine, which might allow the execution of arbitrary
code.
For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-2.
For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.10-1
For the experimental distribution, these problems have been fixed in
version 1.9.2.4-1.
We recommend that you upgrade your xulrunner packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.dsc
Size/MD5 checksum: 1755 417c6652438319f99497be2d751a8173
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.diff.gz
Size/MD5 checksum: 131694 adaff492562749fc0deb0b3a9aa98a6a
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-2_all.deb
Size/MD5 checksum: 1465474 9147fba7fd01e7692ce317eee6df74ed
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 9484704 ccb788e476329f5d8601ac46c3324402
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 223352 d935848a008a633456abab7eb6408673
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 433056 9b05559c9e7dceaa71e7470419ccd2ef
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 940244 309d3d7cc8e1551081ec0249656d2ce9
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 165414 2672110161283eec4d2cb9b1b7bd245b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 113404 b58e8e0c45c434df5e96e821bb17aedc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 51139568 b363f55880ffd0b827379edbb3f0602b
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 72496 637eb8ed29c6ebb843151c7628f66869
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_alpha.deb
Size/MD5 checksum: 3356878 63c85461418061e8987bacfc76caf62f
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_amd64.deb
Size/MD5 checksum: 890602 00af69b2dffb6d7a61e18efc0b226b74
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_amd64.deb
Size/MD5 checksum: 7732578 58fc9b422b09d3faa026bc95ed065edb
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_amd64.deb
Size/MD5 checksum: 152220 d675895b72aa8e6bbf35d2c5c09849d3
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_amd64.deb
Size/MD5 checksum: 101778 60ab2e8035019d73c6f3b1363c52d597
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_amd64.deb
Size/MD5 checksum: 374562 c2d65837de4ab1793033fcb604c57f64
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)