Linux Security
Linux Security
Linux Security

Debian: DSA-1931-1: New NSPR packages fix several vulnerabilities

Date 08 Nov 2009
165
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1931-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                       Moritz Muehlenhoff
November 08, 2009                     https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : nspr
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-1563 CVE-2009-2463

Several vulnerabilities have been discovered in the NetScape Portable
Runtime Library, which may lead to the execution of arbitrary code. The 
Common Vulnerabilities and Exposures project identifies the following 
problems:

CVE-2009-1563

    A programming error in the string handling code may lead to the
    execution of arbitrary code.

CVE-2009-2463

    An integer overflow in the Base64 decoding functions may lead to
    the execution of arbitrary code.

The old stable distribution (etch) doesn't contain nspr.

For the stable distribution (lenny), these problems have been fixed in
version 4.7.1-5.

For the unstable distribution (sid) these problems have been fixed in
version 4.8.2-1.

We recommend that you upgrade your NSPR packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  https://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1.orig.tar.gz
    Size/MD5 checksum:  1258177 55c62ede0e510c6df9bfcc8ac9cffd0c
  https://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.dsc
    Size/MD5 checksum:     1133 a0ba001408f4751f3c80f02334e188b1
  https://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.diff.gz
    Size/MD5 checksum:    28285 a3240caf8899d497312ae5f915dd353d

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_alpha.deb
    Size/MD5 checksum:   145524 a953d83466dc08e5c64f3fac93dcc8c6
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_alpha.deb
    Size/MD5 checksum:   284688 29fdeff7a43ac466efd2ddec8497dcde
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_alpha.deb
    Size/MD5 checksum:   313328 60eff12d86eef930d01b16ca9bcee432

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_amd64.deb
    Size/MD5 checksum:   134452 e8362f7bfb9ad25178fc3b58c8888794
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_amd64.deb
    Size/MD5 checksum:   290938 1bda17f94f3e960dcdad04772329ad14
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_amd64.deb
    Size/MD5 checksum:   271976 fa0750a3a8762075901a8f06fbf21495

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_arm.deb
    Size/MD5 checksum:   276952 6a072a062f7e9c2db1b43338a3955bdc
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_arm.deb
    Size/MD5 checksum:   119436 89f1a236d10d78229627fd762bc67a3e
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_arm.deb
    Size/MD5 checksum:   255602 9da2dc9c312cf7901f7aeb1f710e507f

armel architecture (ARM EABI)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_armel.deb
    Size/MD5 checksum:   120734 b71745bf5877be82a349885592037d78
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_armel.deb
    Size/MD5 checksum:   282114 cc3def69b457c54f2e13bd6c57090477
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_armel.deb
    Size/MD5 checksum:   258072 62328078c188bc87f5039c2e5a9b5674

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_hppa.deb
    Size/MD5 checksum:   141442 eec30b4a587f8f93eda26b9376bb34e3
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_hppa.deb
    Size/MD5 checksum:   285916 43fac9fb0eaa79036d9b302db5521781
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_hppa.deb
    Size/MD5 checksum:   279668 db56b3a1adbdedc308936e6ef50f5260

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_i386.deb
    Size/MD5 checksum:   259796 f36c9a52738ee56aedd05e18461e0c1f
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_i386.deb
    Size/MD5 checksum:   124188 adff22c50d9a64ed8bf7b6e2c2edc992
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_i386.deb
    Size/MD5 checksum:   281648 9896df215653b33de9ce1f8529c1daea

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_ia64.deb
    Size/MD5 checksum:   331678 5055f6bcbcbb72a48b9c15f21149fee9
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_ia64.deb
    Size/MD5 checksum:   271188 3e12dcca1457d95601c2d4991e9981f9
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_ia64.deb
    Size/MD5 checksum:   184152 3575ec187b5219f9c71c6eee5a5474a0

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mips.deb
    Size/MD5 checksum:   296890 5f45b168d496b884c79bfb5c46462d5f
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mips.deb
    Size/MD5 checksum:   279162 0b5e93aabae4bfc387c7093153abbec2
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mips.deb
    Size/MD5 checksum:   126054 5e484999ac3044b87656dd46115f63a1

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mipsel.deb
    Size/MD5 checksum:   291178 fd5a7aded6225e30eedf987f44a16fea
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mipsel.deb
    Size/MD5 checksum:   277004 a4f26928866934db999796be4012a7a2
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mipsel.deb
    Size/MD5 checksum:   125256 71836594904db6f154ac3eb89cbbfddb

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_powerpc.deb
    Size/MD5 checksum:   268738 5daed1f2d5921e736c7f15d6727b8959
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_powerpc.deb
    Size/MD5 checksum:   139154 34b602d43792afbf7f2ccde07d0687bf
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_powerpc.deb
    Size/MD5 checksum:   292090 e6a310b883c7aa5b6f72bf0cc0683305

s390 architecture (IBM S/390)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_s390.deb
    Size/MD5 checksum:   275458 50b5bf15fe31a8d6668fe018d7062ad8
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_s390.deb
    Size/MD5 checksum:   142530 b9a983def8be1e116f9736564e49162f
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_s390.deb
    Size/MD5 checksum:   295420 f3c3352862c2390f8c03724f77cf1158

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_sparc.deb
    Size/MD5 checksum:   119318 cc152c3f1a1f625bfcbc72ea92cdd953
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_sparc.deb
    Size/MD5 checksum:   266168 55a3913c9d30a8b0c1639e999e4c3582
  https://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_sparc.deb
    Size/MD5 checksum:   253360 d8969537d73b20300591d3d956b5b301


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and https://packages.debian.org/

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":82.69,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.69,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.62,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.