DSA 2075-1: New xulrunner packages fix several vulnerabilities
Posted on: 07/27/2010 09:09 PM

New xulrunner packages are available for Debian GNU/Linux

------------------------------------------------------------------------
Debian Security Advisory DSA-2075-1 security@debian.org
Debian -- Security Information Moritz Muehlenhoff
July 27, 2010 Debian -- Debian security FAQ
------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2010-0182

Wladimir Palant discovered that security checks in XML processing
were insufficiently enforced.

CVE-2010-0654

Chris Evans discovered that insecure CSS handling could lead to
reading data across domain boundaries.

CVE-2010-1205

Aki Helin discovered a buffer overflow in the internal copy of
libpng, which could lead to the execution of arbitrary code.

CVE-2010-1208

"regenrecht" discovered that incorrect memory handling in DOM
parsing could lead to the execution of arbitrary code.

CVE-2010-1211

Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
layout engine, which might allow the execution of arbitrary code.

CVE-2010-1214

"JS3" discovered an integer overflow in the plugin code, which
could lead to the execution of arbitrary code.

CVE-2010-2751

Jordi Chancel discovered that the location could be spoofed to
appear like a secured page.

CVE-2010-2753

"regenrecht" discovered that incorrect memory handling in XUL
parsing could lead to the execution of arbitrary code.

CVE-2010-2754

Soroush Dalili discovered an information leak in script processing.


For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-3.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.1.11-1.

For the experimental distribution, these problems have been fixed in
version 1.9.2.7-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution on
its next update.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_2075_1_new_xulrunner_packages_fix_several_vulnerabilities.html)