DSA 1931-1: New NSPR packages fix several vulnerabilities
Posted on: 11/08/2009 12:15 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1931-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : nspr
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1563 CVE-2009-2463

Several vulnerabilities have been discovered in the NetScape Portable
Runtime Library, which may lead to the execution of arbitrary code. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1563

A programming error in the string handling code may lead to the
execution of arbitrary code.

CVE-2009-2463

An integer overflow in the Base64 decoding functions may lead to
the execution of arbitrary code.

The old stable distribution (etch) doesn't contain nspr.

For the stable distribution (lenny), these problems have been fixed in
version 4.7.1-5.

For the unstable distribution (sid) these problems have been fixed in
version 4.8.2-1.

We recommend that you upgrade your NSPR packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1.orig.tar.gz
Size/MD5 checksum: 1258177 55c62ede0e510c6df9bfcc8ac9cffd0c
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.dsc
Size/MD5 checksum: 1133 a0ba001408f4751f3c80f02334e188b1
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.diff.gz
Size/MD5 checksum: 28285 a3240caf8899d497312ae5f915dd353d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_alpha.deb
Size/MD5 checksum: 145524 a953d83466dc08e5c64f3fac93dcc8c6
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_alpha.deb
Size/MD5 checksum: 284688 29fdeff7a43ac466efd2ddec8497dcde
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_alpha.deb
Size/MD5 checksum: 313328 60eff12d86eef930d01b16ca9bcee432

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_amd64.deb
Size/MD5 checksum: 134452 e8362f7bfb9ad25178fc3b58c8888794
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_amd64.deb
Size/MD5 checksum: 290938 1bda17f94f3e960dcdad04772329ad14
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_amd64.deb
Size/MD5 checksum: 271976 fa0750a3a8762075901a8f06fbf21495

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_arm.deb
Size/MD5 checksum: 276952 6a072a062f7e9c2db1b43338a3955bdc
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_arm.deb
Size/MD5 checksum: 119436 89f1a236d10d78229627fd762bc67a3e
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_arm.deb
Size/MD5 checksum: 255602 9da2dc9c312cf7901f7aeb1f710e507f

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_armel.deb
Size/MD5 checksum: 120734 b71745bf5877be82a349885592037d78
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_armel.deb
Size/MD5 checksum: 282114 cc3def69b457c54f2e13bd6c57090477
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_armel.deb
Size/MD5 checksum: 258072 62328078c188bc87f5039c2e5a9b5674

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_hppa.deb
Size/MD5 checksum: 141442 eec30b4a587f8f93eda26b9376bb34e3
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_hppa.deb
Size/MD5 checksum: 285916 43fac9fb0eaa79036d9b302db5521781
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_hppa.deb
Size/MD5 checksum: 279668 db56b3a1adbdedc308936e6ef50f5260

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_i386.deb
Size/MD5 checksum: 259796 f36c9a52738ee56aedd05e18461e0c1f
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_i386.deb
Size/MD5 checksum: 124188 adff22c50d9a64ed8bf7b6e2c2edc992
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_i386.deb
Size/MD5 checksum: 281648 9896df215653b33de9ce1f8529c1daea

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_ia64.deb
Size/MD5 checksum: 331678 5055f6bcbcbb72a48b9c15f21149fee9
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_ia64.deb
Size/MD5 checksum: 271188 3e12dcca1457d95601c2d4991e9981f9
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_ia64.deb
Size/MD5 checksum: 184152 3575ec187b5219f9c71c6eee5a5474a0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mips.deb
Size/MD5 checksum: 296890 5f45b168d496b884c79bfb5c46462d5f
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mips.deb
Size/MD5 checksum: 279162 0b5e93aabae4bfc387c7093153abbec2
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mips.deb
Size/MD5 checksum: 126054 5e484999ac3044b87656dd46115f63a1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mipsel.deb
Size/MD5 checksum: 291178 fd5a7aded6225e30eedf987f44a16fea
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mipsel.deb
Size/MD5 checksum: 277004 a4f26928866934db999796be4012a7a2
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mipsel.deb
Size/MD5 checksum: 125256 71836594904db6f154ac3eb89cbbfddb

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_powerpc.deb
Size/MD5 checksum: 268738 5daed1f2d5921e736c7f15d6727b8959
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_powerpc.deb
Size/MD5 checksum: 139154 34b602d43792afbf7f2ccde07d0687bf
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_powerpc.deb
Size/MD5 checksum: 292090 e6a310b883c7aa5b6f72bf0cc0683305

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_s390.deb
Size/MD5 checksum: 275458 50b5bf15fe31a8d6668fe018d7062ad8
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_s390.deb
Size/MD5 checksum: 142530 b9a983def8be1e116f9736564e49162f
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_s390.deb
Size/MD5 checksum: 295420 f3c3352862c2390f8c03724f77cf1158

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_sparc.deb
Size/MD5 checksum: 119318 cc152c3f1a1f625bfcbc72ea92cdd953
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_sparc.deb
Size/MD5 checksum: 266168 55a3913c9d30a8b0c1639e999e4c3582
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_sparc.deb
Size/MD5 checksum: 253360 d8969537d73b20300591d3d956b5b301


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkr2mCoACgkQXm3vHE4uylrFTwCg6nymwrKwSimPGLn8ez207HND
SJIAn3RWaUVn8pgihlPV24nsTumJtFrX
=TWkT
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1931_1_new_nspr_packages_fix_several_vulnerabilities.html)