From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2106-1                  [email protected]
http://www.debian.org/security/                      Moritz Muehlenhoff
September 08, 2010                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- - Implementation errors in XUL processing allow the execution of
    arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
    the bypass of the same origin policy (CVE-2010-2763)

- - An integer overflow in frame handling allows the execution of
    arbitrary code (CVE-2010-2765)

- - An implementation error in DOM handling allows the execution of
    arbitrary code (CVE-2010-2766)

- - Incorrect pointer handling in the plugin code allows the execution of
    arbitrary code (CVE-2010-2767)

- - Incorrect handling of an object tag may lead to the bypass of cross
    site scripting filters (CVE-2010-2768)

- - Incorrect copy and paste handling could lead to cross site scripting
    (CVE-2010-2769)

- - Crashes in the layout engine may lead to the execution of arbitrary
    code (CVE-2010-3169)

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-4.

For the unstable distribution (sid), these problems have been fixed in
version 3.5.12-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

For the experimental distribution, these problems have been fixed in
version 3.6.9-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]