
The following two security updates are available for Debian GNU/Linux:

- [DSA 2123-1] New NSS packages fix cryptographic weaknesses
- [DSA 2124-1] New Xulrunner packages fix several vulnerabilities



[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
------------------------------------------------------------------------
Debian Security Advisory DSA-2123-1 security@debian.org
Debian -- Security Information Florian Weimer
November 01, 2010 Debian -- Debian security FAQ
------------------------------------------------------------------------

Package : nss
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-3170 CVE-2010-3173

Several vulnerabilities have been discovered in Mozilla's Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-3170
NSS recognizes a wildcard IP address in the subject's Common
Name field of an X.509 certificate, which might allow
man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification
Authority.

CVE-2010-3173
NSS does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms
via a brute-force attack.
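
The hostname-matching rule behind CVE-2010-3170, as an added Python example (not NSS code and not part of the advisory): wildcards are expanded only for DNS names, and a certificate name that is or resembles an IP address is compared exactly. The function names are assumptions made for illustration.

```python
import ipaddress


def _is_ip(text):
    """True if text parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def looks_like_ip_pattern(pattern):
    """True for an IP literal or a dotted quad with '*' in place of octets."""
    labels = pattern.split(".")
    wildcard_quad = len(labels) == 4 and all(
        label == "*" or label.isdigit() for label in labels
    )
    return _is_ip(pattern) or wildcard_quad


def name_matches(pattern, host):
    """Match a certificate name (CN or dNSName) against the requested host."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")

    # IP identities: exact comparison only, a wildcard is never expanded.
    if _is_ip(host) or looks_like_ip_pattern(pattern):
        return (
            _is_ip(host)
            and _is_ip(pattern)
            and ipaddress.ip_address(host) == ipaddress.ip_address(pattern)
        )

    if "*" not in pattern:
        return pattern == host

    p_labels, h_labels = pattern.split("."), host.split(".")
    # A wildcard must be the whole leftmost label, followed by at least
    # two literal labels, and it stands for exactly one host label.
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]) or len(p_labels) < 3:
        return False
    return (
        len(p_labels) == len(h_labels)
        and h_labels[0] != ""
        and p_labels[1:] == h_labels[1:]
    )
```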

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny2.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.12.8-1.

We recommend that you upgrade your NSS packages.

Upgrade instructions
--------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
--------------------------------


These files will probably be moved into the stable distribution on
its next update.

[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
------------------------------------------------------------------------
Debian Security Advisory DSA-2124-1 security@debian.org
Debian -- Security Information Florian Weimer
November 01, 2010 Debian -- Debian security FAQ
------------------------------------------------------------------------

Package : xulrunner
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183

Several vulnerabilities have been discovered in Xulrunner, the
component that provides the core functionality of Iceweasel, Debian's
variant of Mozilla's browser technology.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-3765
Xulrunner allows remote attackers to execute arbitrary code
via vectors related to nsCSSFrameConstructor::ContentAppended,
the appendChild method, incorrect index tracking, and the
creation of multiple frames, which triggers memory corruption.

CVE-2010-3174
CVE-2010-3176
Multiple unspecified vulnerabilities in the browser engine in
Xulrunner allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.

CVE-2010-3177
Multiple cross-site scripting (XSS) vulnerabilities in the
Gopher parser in Xulrunner allow remote attackers to inject
arbitrary web script or HTML via a crafted name of a (1) file
or (2) directory on a Gopher server.

CVE-2010-3178
Xulrunner does not properly handle certain modal calls made by
javascript: URLs in circumstances related to opening a new
window and performing cross-domain navigation, which allows
remote attackers to bypass the Same Origin Policy via a
crafted HTML document.

CVE-2010-3179
Stack-based buffer overflow in the text-rendering
functionality in Xulrunner allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption
and application crash) via a long argument to the
document.write method.

CVE-2010-3180
Use-after-free vulnerability in the nsBarProp function in
Xulrunner allows remote attackers to execute arbitrary code by
accessing the locationbar property of a closed window.

CVE-2010-3183
The LookupGetterOrSetter function in Xulrunner does not
properly support window.__lookupGetter__ function calls that
lack arguments, which allows remote attackers to execute
arbitrary code or cause a denial of service (incorrect pointer
dereference and application crash) via a crafted HTML
document.

In addition, this security update includes corrections for regressions
caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1
and DSA-2106-1.

For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.19-6.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.5.15-1 of the iceweasel package.

We recommend that you upgrade your Xulrunner packages.

Upgrade instructions
--------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
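
An added example (not part of the advisory and not dpkg's code) for confirming after the upgrade that a lenny host carries the fixed versions named in DSA 2123-1 and DSA 2124-1: it implements Debian's version ordering in Python and compares an installed version string, as printed by `dpkg-query -W -f='${Version}' <package>`, against the fixed one. The function names are assumptions; the fixed versions are the ones stated above for the nss and xulrunner source packages.

```python
import re

# Fixed versions for lenny, keyed by source package, as given in the advisories.
FIXED_LENNY = {"nss": "3.12.3.1-0lenny2", "xulrunner": "1.9.0.19-6"}


def _order(ch):
    # Ordering inside a non-digit run: '~' sorts first, then end of run (0),
    # then letters, then every other character.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256


def _part_key(part):
    """Sort key for an upstream version or Debian revision string."""
    key = []
    for text, digits in re.findall(r"(\D*)(\d*)", part):
        key.append([_order(c) for c in text] + [0])  # 0 marks end of run
        key.append(int(digits or 0))                 # digit runs compare as numbers
    return key


def version_key(version):
    """Split [epoch:]upstream[-revision] and build a comparable key."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no Debian revision present: treated as revision 0
        upstream, revision = rest, "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))


def needs_upgrade(source_package, installed_version):
    """True if installed_version sorts before the fixed lenny version."""
    fixed = FIXED_LENNY[source_package]
    return version_key(installed_version) < version_key(fixed)
```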


Debian GNU/Linux 5.0 alias lenny
--------------------------------


These files will probably be moved into the stable distribution on
its next update.