Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities


Chronologisch Thread 
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecurityNotifies] [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
  • Date: Wed, 8 Sep 2010 19:50:39 +0200
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Wed, 8 Sep 2010 17:50:57 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <nG42Th-0aoB.A.xp.B08hMB@liszt>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2106-1 security AT debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766
CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168
CVE-2010-3169

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- - Implementation errors in XUL processing allow the execution of
arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
the bypass of the same origin policy (CVE-2010-2763)

- - An integer overflow in frame handling allows the execution of
arbitrary code (CVE-2010-2765)

- - An implementation error in DOM handling allows the execution of
arbitrary code (CVE-2010-2766)

- - Incorrect pointer handling in the plugin code allow the execution of
arbitrary code (CVE-2010-2767)

- - Incorrect handling of an object tag may lead to the bypass of cross
site scripting filters (CVE-2010-2768)

- - Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)

- - Crashes in the layout engine may lead to the execution of arbitrary
code (CVE-2010-3169)

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-4.

For the unstable distribution (sid), these problems have been fixed in
version 3.5.12-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

For the experimental distribution, these problems have been fixed in
version 3.6.9-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Source archives:


http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-4.diff.gz
Size/MD5 checksum: 163042 fef37900325a35cd19e6fadc7b4792ba

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-4.dsc
Size/MD5 checksum: 1755 4a3fc8eba2063cc8f2dec2016aa6da77

Architecture independent packages:


http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-4_all.deb
Size/MD5 checksum: 1466308 50ff44ff08dec48d4b2d652163ae7ea9

alpha architecture (DEC Alpha)


http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 223088 32227bedc240220da932e33d4abee362

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 9506836 c75cf0d768abbbe316c017fbfbb4eec0

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 939496 1d749f3b219ad21bcc4fbf22c1690a8b

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 433784 fac95b65081eb740e059bd3a90588d7a

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 164794 ae2bf12bb04caaf48b6a84fb52cfd763

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 3656062 888ebb75dc6d5237f3416c637f91c5f2

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 51196990 b0fee4e0bbdb80d69dc97e365e8ff43e

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 72720 879d51d99d5fb64da182fa88c5d9f98c

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_alpha.deb
Size/MD5 checksum: 113584 6fb11bf561ed1dcabae7796cbb89598c

amd64 architecture (AMD x86_64 (AMD64))


http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 223374 6cbdbbb59698f1ec9d12dcdccaca5d86

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 50427988 bf8ac74b4d39dd0994a1c37511bd4c45

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 3292136 dbac5ae619a1f623e86a12d653153aa4

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 374794 71050edabc4c0e781cd96852946f8f12

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 101890 14ee3f51274befd9684905c0eea52bbe

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 7736376 f2e78eab4bcf0e2363cdeb94f04773b1

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 152338 d1a367d3afac973bb58fa4031205dbeb

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 891084 05fd7b1a7c4a9dc47a38451317aa488d

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_amd64.deb
Size/MD5 checksum: 70288 d6d988ee37acff17e95787171f9ddf77

i386 architecture (Intel ia32)


http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_i386.deb
Size/MD5 checksum: 68510 af4187f4addc059838b52024fd435191

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_i386.deb
Size/MD5 checksum: 82864 8aa9afb20752a8f61255be8752855702

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_i386.deb
Size/MD5 checksum: 49601488 c6ce39264a1a12b1492c02f848fdee95

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_i386.deb
Size/MD5 checksum: 3571770 ffedb609c359cbecc06ef68a280b2277

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_i386.deb
Size/MD5 checksum: 351474 cbd564d6ca1cbb312fc03523c7c88621

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_i386.deb
Size/MD5 checksum: 141214 3c6b35f4d2bf2017e55b4e37bf6c5c2e

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_i386.deb
Size/MD5 checksum: 222280 ed01a03f1a4c202850521801169925ae

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_i386.deb
Size/MD5 checksum: 852478 2d8fd42dc9db80787df1eea444e2721c

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_i386.deb
Size/MD5 checksum: 6609706 77ced17bf3c65fcda31f2a2eb210e4e3

ia64 architecture (Intel ia64)


http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 180544 5b9afd460f42c6207313893d45356e57

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 542680 5d53abb5ce3c5a1a2ac6cb47bf06e7f0

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 76854 c504085a15276af4dec0898023090815

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 811746 35050579dfb783a57c9f801dd47cb77d

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 223454 aee920a2592ad6a2ad5e201f9d36970c

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 49784168 a8453682d6932ec7b8d5108f814898df

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 121848 34041de673ea9b4aad4f9ed7db7c9623

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 3401030 8de1452f6de11a6be66e7c3b40561d53

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_ia64.deb
Size/MD5 checksum: 11318018 3920554c5ee4358aa7b256ff7b169485

mips architecture (MIPS (Big Endian))


http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_mips.deb
Size/MD5 checksum: 51951594 4555607e71857f2053912db9ec91bf48

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_mips.deb
Size/MD5 checksum: 223174 8fde28c6b933f8b5f82efb856b972ec4

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_mips.deb
Size/MD5 checksum: 381072 a978bdff0bd65a0f20e34102fb9af20a

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_mips.deb
Size/MD5 checksum: 96992 cd7dcdb81bade0f8f5ec5e10f2675d29

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_mips.deb
Size/MD5 checksum: 7680508 f6590391d407dc68c405c9d464010106

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_mips.deb
Size/MD5 checksum: 3612302 ea53a5ece7fef3a699a52e117f691b41

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_mips.deb
Size/MD5 checksum: 145620 82731970f4a31f6b2a088c42496311e1

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_mips.deb
Size/MD5 checksum: 919462 4b9eabba75d4a70f681e5b9986f61615

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_mips.deb
Size/MD5 checksum: 70474 8412c9ce5621f084913f62778cb587e7

mipsel architecture (MIPS (Little Endian))


http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 3311772 a3d121bc2928f4ab948a411ddab6cb0e

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 223464 de9217213aecfbed53af59b46f9806a3

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 97096 ec07fe0010434909bff6ef3d4126ff9e

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 900734 6b7caed7430888170545117167d6ae59

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 70224 471a514dc9c60591e220f9b674e1ad50

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 50083292 06be5a87a9ba46401fba448155724d4e

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 7387952 2bf8d6a025f4996d99c4fbad1655024c

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 145374 9db362428ff8af75ddfdc3f301906003

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_mipsel.deb
Size/MD5 checksum: 379188 2d20115192f46f115618030fb2aea107

powerpc architecture (PowerPC)


http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 73706 e4a146433743abf48e01b6be3608fb47

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 94702 a1243857e644e20ca51b20266fbbf24e

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 363848 dc4e8ddc4739f6c117bd505a334246e9

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 152902 da40086b552b926909e4790c4ed2652e

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 223502 7d647c800390c200b20eb2fb6c6796fe

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 888818 00f93699976688018767f92127c92146

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 7309922 d55db0fc573736750274978dc3fe3919

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 3594314 2b90465786a3d5bd41985f02bebf3e92

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_powerpc.deb
Size/MD5 checksum: 51511192 2c5ca2520c427369b77f410fb2428324

s390 architecture (IBM S/390)


http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_s390.deb
Size/MD5 checksum: 223256 8b29a37034de2b6918587ae3d4cdbbea

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_s390.deb
Size/MD5 checksum: 407590 1480834a695a03d01a594027417c43c8

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_s390.deb
Size/MD5 checksum: 909590 05c3cf3fd63e0bb07c80078a919a7ab5

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_s390.deb
Size/MD5 checksum: 73560 e03a2f2529faa1dd1d08fab11461a90c

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_s390.deb
Size/MD5 checksum: 155494 536d0d61dfbc28627519c61c4c9e655a

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_s390.deb
Size/MD5 checksum: 51290136 09cdceb2f94f0acd6b6e6c1c0226d247

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_s390.deb
Size/MD5 checksum: 3609494 383710d8ce2fffb224b0be4b8758c202

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_s390.deb
Size/MD5 checksum: 8425642 49bf86be9b3028f4bd759ff04a64b929

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_s390.deb
Size/MD5 checksum: 105762 17b7441c2ba313b1168ea7074060e4fb

sparc architecture (Sun SPARC/UltraSPARC)


http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 350660 024d0b9c15a66f4b68b2df03aa48d74f

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 821924 4a376e82b02d887e16339716b094267f

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 3572840 a34ee3db29b64acb294925c11ee4519a

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 7184752 d261fa9654eb60e211815790119b755d

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 49453574 edcf736213987e621a58bb28c06b0a81

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 143848 a40609056043b8005ff085eae3cac102

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 88568 e909584468eeb7e33f6fc5176b1d2a2c

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 69646 f006bb1a7a54590072a23c30e53a2872

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_sparc.deb
Size/MD5 checksum: 224258 e841c8d1bc29c1fc650de716b247cd4e


These files will probably be moved into the stable distribution on
its next update.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce AT lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyHzKcACgkQXm3vHE4uylqx8QCgp1juHiXAT+2Q5mp4RIQWQSPA
W7YAoLQT0RFODyQPrnTQxEPvqfxuYnXX
=OHyF
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20100908175039.GA2816 AT galadriel.inutil.org">http://lists.debian.org/20100908175039.GA2816 AT galadriel.inutil.org




  • [IT-SecurityNotifies] [SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities, Moritz Muehlenhoff, 08.09.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang