Debian 9858 Published by

The following 3 security updates are available for Debian GNU/Linux

- [DSA-2105-1] New freetype packages fix several vulnerabilities
- [DSA 2106-1] New xulrunner packages fix several vulnerabilities
- [DSA 2107-1] New couchdb package fixes arbitrary code execution



[SECURITY] [DSA-2105-1] New freetype packages fix several vulnerabilities
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2105-1 security@debian.org
Giuseppe Iuculano
September 07, 2010
- ------------------------------------------------------------------------

Package : freetype
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806
CVE-2010-2807 CVE-2010-2808 CVE-2010-3053


Several vulnerabilities have been discovered in the FreeType font
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-1797

Multiple stack-based buffer overflows in the
cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
interpreter in cff/cffgload.c in FreeType allow remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via crafted CFF opcodes in embedded fonts in a PDF
document, as demonstrated by JailbreakMe.

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does
not properly validate certain position values, which allows remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted font file

CVE-2010-2806

Array index error in the t42_parse_sfnts function in
type42/t42parse.c in FreeType allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via negative size values for certain strings in FontType42 font
files, leading to a heap-based buffer overflow.

CVE-2010-2807

FreeType uses incorrect integer data types during bounds checking,
which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.

CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType allows remote attackers to cause a denial
of service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka
LWFN) font.

CVE-2010-3053

bdf/bdflib.c in FreeType allows remote attackers to cause a denial of
service (application crash) via a crafted BDF font file, related to
an attempted modification of a value in a static string.


For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny3

For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 2.4.2-1


We recommend that you upgrade your freetype package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:


Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73

Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8

Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73

alpha architecture (DEC Alpha)


Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2

Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5

Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622

Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b

amd64 architecture (AMD x86_64 (AMD64))


Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9

Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91

Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e

Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde

arm architecture (ARM)


Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b

Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639

Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e

Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d

armel architecture (ARM EABI)


Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419

Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766

Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca

Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854

i386 architecture (Intel ia32)


Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1

Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534

Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915

Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122

ia64 architecture (Intel ia64)


Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc

Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666

Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1

Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f

mips architecture (MIPS (Big Endian))


Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6

Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0

Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47

Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af

Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce

Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f

Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad

powerpc architecture (PowerPC)


Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d

Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185

Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad

Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5

s390 architecture (IBM S/390)


Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac

Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850

Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a

Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58

Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a

Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5

Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531


These files will probably be moved into the stable distribution on
its next update.
[SECURITY] [DSA 2106-1] New xulrunner packages fix several vulnerabilities
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2106-1 security@debian.org
Moritz Muehlenhoff
September 08, 2010
- ------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- - Implementation errors in XUL processing allow the execution of
arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
the bypass of the same origin policy (CVE-2010-2763)

- - An integer overflow in frame handling allows the execution of
arbitrary code (CVE-2010-2765)

- - An implementation error in DOM handling allows the execution of
arbitrary code (CVE-2010-2766)

- - Incorrect pointer handling in the plugin code allow the execution of
arbitrary code (CVE-2010-2767)

- - Incorrect handling of an object tag may lead to the bypass of cross
site scripting filters (CVE-2010-2768)

- - Incorrect copy and paste handling could lead to cross site scripting
(CVE-2010-2769)

- - Crashes in the layout engine may lead to the execution of arbitrary
code (CVE-2010-3169)

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-4.

For the unstable distribution (sid), these problems have been fixed in
version 3.5.12-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

For the experimental distribution, these problems have been fixed in
version 3.6.9-1 of the iceweasel source package (which now builds the
xulrunner library binary packages).

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:


Size/MD5 checksum: 44174623 83667df1e46399960593fdd8832e958e

Size/MD5 checksum: 163042 fef37900325a35cd19e6fadc7b4792ba

Size/MD5 checksum: 1755 4a3fc8eba2063cc8f2dec2016aa6da77

Architecture independent packages:


Size/MD5 checksum: 1466308 50ff44ff08dec48d4b2d652163ae7ea9

alpha architecture (DEC Alpha)


Size/MD5 checksum: 223088 32227bedc240220da932e33d4abee362

Size/MD5 checksum: 9506836 c75cf0d768abbbe316c017fbfbb4eec0

Size/MD5 checksum: 939496 1d749f3b219ad21bcc4fbf22c1690a8b

Size/MD5 checksum: 433784 fac95b65081eb740e059bd3a90588d7a

Size/MD5 checksum: 164794 ae2bf12bb04caaf48b6a84fb52cfd763

Size/MD5 checksum: 3656062 888ebb75dc6d5237f3416c637f91c5f2

Size/MD5 checksum: 51196990 b0fee4e0bbdb80d69dc97e365e8ff43e

Size/MD5 checksum: 72720 879d51d99d5fb64da182fa88c5d9f98c

Size/MD5 checksum: 113584 6fb11bf561ed1dcabae7796cbb89598c

amd64 architecture (AMD x86_64 (AMD64))


Size/MD5 checksum: 223374 6cbdbbb59698f1ec9d12dcdccaca5d86

Size/MD5 checksum: 50427988 bf8ac74b4d39dd0994a1c37511bd4c45

Size/MD5 checksum: 3292136 dbac5ae619a1f623e86a12d653153aa4

Size/MD5 checksum: 374794 71050edabc4c0e781cd96852946f8f12

Size/MD5 checksum: 101890 14ee3f51274befd9684905c0eea52bbe

Size/MD5 checksum: 7736376 f2e78eab4bcf0e2363cdeb94f04773b1

Size/MD5 checksum: 152338 d1a367d3afac973bb58fa4031205dbeb

Size/MD5 checksum: 891084 05fd7b1a7c4a9dc47a38451317aa488d

Size/MD5 checksum: 70288 d6d988ee37acff17e95787171f9ddf77

i386 architecture (Intel ia32)


Size/MD5 checksum: 68510 af4187f4addc059838b52024fd435191

Size/MD5 checksum: 82864 8aa9afb20752a8f61255be8752855702

Size/MD5 checksum: 49601488 c6ce39264a1a12b1492c02f848fdee95

Size/MD5 checksum: 3571770 ffedb609c359cbecc06ef68a280b2277

Size/MD5 checksum: 351474 cbd564d6ca1cbb312fc03523c7c88621

Size/MD5 checksum: 141214 3c6b35f4d2bf2017e55b4e37bf6c5c2e

Size/MD5 checksum: 222280 ed01a03f1a4c202850521801169925ae

Size/MD5 checksum: 852478 2d8fd42dc9db80787df1eea444e2721c

Size/MD5 checksum: 6609706 77ced17bf3c65fcda31f2a2eb210e4e3

ia64 architecture (Intel ia64)


Size/MD5 checksum: 180544 5b9afd460f42c6207313893d45356e57

Size/MD5 checksum: 542680 5d53abb5ce3c5a1a2ac6cb47bf06e7f0

Size/MD5 checksum: 76854 c504085a15276af4dec0898023090815

Size/MD5 checksum: 811746 35050579dfb783a57c9f801dd47cb77d

Size/MD5 checksum: 223454 aee920a2592ad6a2ad5e201f9d36970c

Size/MD5 checksum: 49784168 a8453682d6932ec7b8d5108f814898df

Size/MD5 checksum: 121848 34041de673ea9b4aad4f9ed7db7c9623

Size/MD5 checksum: 3401030 8de1452f6de11a6be66e7c3b40561d53

Size/MD5 checksum: 11318018 3920554c5ee4358aa7b256ff7b169485

mips architecture (MIPS (Big Endian))


Size/MD5 checksum: 51951594 4555607e71857f2053912db9ec91bf48

Size/MD5 checksum: 223174 8fde28c6b933f8b5f82efb856b972ec4

Size/MD5 checksum: 381072 a978bdff0bd65a0f20e34102fb9af20a

Size/MD5 checksum: 96992 cd7dcdb81bade0f8f5ec5e10f2675d29

Size/MD5 checksum: 7680508 f6590391d407dc68c405c9d464010106

Size/MD5 checksum: 3612302 ea53a5ece7fef3a699a52e117f691b41

Size/MD5 checksum: 145620 82731970f4a31f6b2a088c42496311e1

Size/MD5 checksum: 919462 4b9eabba75d4a70f681e5b9986f61615

Size/MD5 checksum: 70474 8412c9ce5621f084913f62778cb587e7

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 3311772 a3d121bc2928f4ab948a411ddab6cb0e

Size/MD5 checksum: 223464 de9217213aecfbed53af59b46f9806a3

Size/MD5 checksum: 97096 ec07fe0010434909bff6ef3d4126ff9e

Size/MD5 checksum: 900734 6b7caed7430888170545117167d6ae59

Size/MD5 checksum: 70224 471a514dc9c60591e220f9b674e1ad50

Size/MD5 checksum: 50083292 06be5a87a9ba46401fba448155724d4e

Size/MD5 checksum: 7387952 2bf8d6a025f4996d99c4fbad1655024c

Size/MD5 checksum: 145374 9db362428ff8af75ddfdc3f301906003

Size/MD5 checksum: 379188 2d20115192f46f115618030fb2aea107

powerpc architecture (PowerPC)


Size/MD5 checksum: 73706 e4a146433743abf48e01b6be3608fb47

Size/MD5 checksum: 94702 a1243857e644e20ca51b20266fbbf24e

Size/MD5 checksum: 363848 dc4e8ddc4739f6c117bd505a334246e9

Size/MD5 checksum: 152902 da40086b552b926909e4790c4ed2652e

Size/MD5 checksum: 223502 7d647c800390c200b20eb2fb6c6796fe

Size/MD5 checksum: 888818 00f93699976688018767f92127c92146

Size/MD5 checksum: 7309922 d55db0fc573736750274978dc3fe3919

Size/MD5 checksum: 3594314 2b90465786a3d5bd41985f02bebf3e92

Size/MD5 checksum: 51511192 2c5ca2520c427369b77f410fb2428324

s390 architecture (IBM S/390)


Size/MD5 checksum: 223256 8b29a37034de2b6918587ae3d4cdbbea

Size/MD5 checksum: 407590 1480834a695a03d01a594027417c43c8

Size/MD5 checksum: 909590 05c3cf3fd63e0bb07c80078a919a7ab5

Size/MD5 checksum: 73560 e03a2f2529faa1dd1d08fab11461a90c

Size/MD5 checksum: 155494 536d0d61dfbc28627519c61c4c9e655a

Size/MD5 checksum: 51290136 09cdceb2f94f0acd6b6e6c1c0226d247

Size/MD5 checksum: 3609494 383710d8ce2fffb224b0be4b8758c202

Size/MD5 checksum: 8425642 49bf86be9b3028f4bd759ff04a64b929

Size/MD5 checksum: 105762 17b7441c2ba313b1168ea7074060e4fb

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 350660 024d0b9c15a66f4b68b2df03aa48d74f

Size/MD5 checksum: 821924 4a376e82b02d887e16339716b094267f

Size/MD5 checksum: 3572840 a34ee3db29b64acb294925c11ee4519a

Size/MD5 checksum: 7184752 d261fa9654eb60e211815790119b755d

Size/MD5 checksum: 49453574 edcf736213987e621a58bb28c06b0a81

Size/MD5 checksum: 143848 a40609056043b8005ff085eae3cac102

Size/MD5 checksum: 88568 e909584468eeb7e33f6fc5176b1d2a2c

Size/MD5 checksum: 69646 f006bb1a7a54590072a23c30e53a2872

Size/MD5 checksum: 224258 e841c8d1bc29c1fc650de716b247cd4e


These files will probably be moved into the stable distribution on
its next update.
[SECURITY] [DSA 2107-1] New couchdb package fixes arbitrary code execution
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-2107-1 security@debian.org
Sébastien Delafond
Sep 9, 2010
- - ------------------------------------------------------------------------

Package : couchdb
Vulnerability : untrusted search path
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-2953
Debian Bug : 594412

Dan Rosenberg discovered that in couchdb, a distributed,
fault-tolerant and schema-free document-oriented database, an insecure
library search path is used; a local attacker could execute arbitrary
code by first dumping a maliciously crafted shared library in some
directory, and then having an administrator run couchdb from this same
directory.

For the stable distribution (lenny), this problem has been fixed in
version 0.8.0-2+lenny1.

We recommend that you upgrade your couchdb package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:


Size/MD5 checksum: 1309 2a4a53978b085f1222e75f6106f4ee4d

Size/MD5 checksum: 4941 dca93014f06c7521660ebe5e2c2309da

Size/MD5 checksum: 560637 0837bce26ed2ab2ce2efd65e86c85bfc

alpha architecture (DEC Alpha)


Size/MD5 checksum: 277348 1a038436ac64f66a2d9cc23775589b6f

amd64 architecture (AMD x86_64 (AMD64))


Size/MD5 checksum: 277324 cb838abfb1b2a623a9e3457922bf1925

arm architecture (ARM)


Size/MD5 checksum: 274602 2e75d6e81dbb7194d1a8f6001d37598b

armel architecture (ARM EABI)


Size/MD5 checksum: 275548 d5a7b1f7407269243e6c79bdf4ce50ea

hppa architecture (HP PA RISC)


Size/MD5 checksum: 278728 3bb4c5a7d223fae6b96437ed89575c3f

i386 architecture (Intel ia32)


Size/MD5 checksum: 275686 f0135ec654b502ecbcbdaa26f65542c4

ia64 architecture (Intel ia64)


Size/MD5 checksum: 279586 4725662dc6d62d1d193e58eaa0c00d2f

mips architecture (MIPS (Big Endian))


Size/MD5 checksum: 276820 d2dd578ac579d20c719bfcd225265eb8

mipsel architecture (MIPS (Little Endian))


Size/MD5 checksum: 278256 680e03ba3bc11f30c2aa4748b3e76f31

powerpc architecture (PowerPC)


Size/MD5 checksum: 281584 40fa5e635d4c0c956cee908f7cf66096

s390 architecture (IBM S/390)


Size/MD5 checksum: 276302 cd6162c5068d9f2e25e0f7952d7f5df0

sparc architecture (Sun SPARC/UltraSPARC)


Size/MD5 checksum: 275786 5f6d4d4208838527a16cf7ce95d848c7


These files will probably be moved into the stable distribution on
its next update.