Linux Security

    Debian: DSA-1756-1: New xulrunner packages fix multiple vulnerabilities

    Date 29 Mar 2009
    Posted By LinuxSecurity Advisories
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1756-1                                  Noah Meyerhans
    March 29, 2009            
    - ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : multiple
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-1169 CVE-2009-1044
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications, such as the Iceweasel web
    browser. The Common Vulnerabilities and Exposures project identifies
    the following problems:
        Security researcher Guido Landi discovered that an XSL stylesheet could
        be used to crash the browser during an XSL transformation. An attacker
        could potentially use this crash to run arbitrary code on a victim's
        Security researcher Nils reported via TippingPoint's Zero Day Initiative
        that the XUL tree method _moveToEdgeShift was in some cases triggering
        garbage collection routines on objects which were still in use. In such
        cases, the browser would crash when attempting to access a previously
        destroyed object and this crash could be used by an attacker to run
        arbitrary code on a victim's computer.
    Note that after installing these updates, you will need to restart any
    packages using xulrunner, typically iceweasel or epiphany.
    For the stable distribution (lenny), these problems have been fixed in version
    As indicated in the Etch release notes, security support for the
    Mozilla products in the oldstable distribution needed to be stopped
    before the end of the regular Etch security maintenance life cycle.
    You are strongly encouraged to upgrade to stable or switch to a still
    supported browser.
    For the unstable distribution (sid), these problems have been fixed in
    We recommend that you upgrade your xulrunner package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
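
A check to run after the upgrade steps above, as an added example that is not part of the Debian advisory: it lists processes that still map a pre-upgrade xulrunner library and so have not yet been restarted. The function names, the sample PIDs and the library path `/usr/lib/xulrunner-1.9/libxul.so` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# deleted, pre-upgrade xulrunner library and so still run the old code.

# Print "PID NAME" for each process under proc_root (default /proc) whose
# maps file lists a xulrunner object marked "(deleted)".
stale_xulrunner_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip entries we cannot read (other users' processes need root).
        [ -r "$maps" ] || continue
        # When dpkg replaces a mapped file, the kernel appends " (deleted)"
        # to the old mapping's path in /proc/PID/maps.
        if grep -q 'xulrunner.*(deleted)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            name="$(cat "$pid_dir/comm" 2>/dev/null)" || name="unknown"
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# Build a constructed /proc-like tree: PID 4242 maps the replaced library,
# PID 5151 was restarted and maps the new one. All values are made up.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/4242" "$root/5151"
    echo iceweasel > "$root/4242/comm"
    echo 'b6f00000-b7a00000 r-xp 00000000 08:01 131112 /usr/lib/xulrunner-1.9/libxul.so (deleted)' > "$root/4242/maps"
    echo epiphany > "$root/5151/comm"
    echo 'b6f00000-b7a00000 r-xp 00000000 08:01 140021 /usr/lib/xulrunner-1.9/libxul.so' > "$root/5151/maps"
    echo "$root"
}

# Scan the live system only when asked to: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_xulrunner_pids /proc
fi
```

Run the scan as root so that every user's processes are readable; any PID it prints is still executing the vulnerable library until that application is restarted.
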
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Debian (stable)
    - ---------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

