Debian: DSA-1931-1: New NSPR packages fix several vulnerabilities

    Date08 Nov 2009
    CategoryDebian
    49
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1931-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    November 08, 2009                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : nspr
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2009-1563 CVE-2009-2463
    
    Several vulnerabilities have been discovered in the NetScape Portable
    Runtime Library, which may lead to the execution of arbitrary code. The 
    Common Vulnerabilities and Exposures project identifies the following 
    problems:
    
    CVE-2009-1563
    
        A programming error in the string handling code may lead to the
        execution of arbitrary code.
    
    CVE-2009-2463
    
        An integer overflow in the Base64 decoding functions may lead to
        the execution of arbitrary code.
    
    The old stable distribution (etch) doesn't contain nspr.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4.7.1-5.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 4.8.2-1.
    
    We recommend that you upgrade your NSPR packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1.orig.tar.gz
        Size/MD5 checksum:  1258177 55c62ede0e510c6df9bfcc8ac9cffd0c
      http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.dsc
        Size/MD5 checksum:     1133 a0ba001408f4751f3c80f02334e188b1
      http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.diff.gz
        Size/MD5 checksum:    28285 a3240caf8899d497312ae5f915dd353d
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_alpha.deb
        Size/MD5 checksum:   145524 a953d83466dc08e5c64f3fac93dcc8c6
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_alpha.deb
        Size/MD5 checksum:   284688 29fdeff7a43ac466efd2ddec8497dcde
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_alpha.deb
        Size/MD5 checksum:   313328 60eff12d86eef930d01b16ca9bcee432
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_amd64.deb
        Size/MD5 checksum:   134452 e8362f7bfb9ad25178fc3b58c8888794
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_amd64.deb
        Size/MD5 checksum:   290938 1bda17f94f3e960dcdad04772329ad14
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_amd64.deb
        Size/MD5 checksum:   271976 fa0750a3a8762075901a8f06fbf21495
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_arm.deb
        Size/MD5 checksum:   276952 6a072a062f7e9c2db1b43338a3955bdc
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_arm.deb
        Size/MD5 checksum:   119436 89f1a236d10d78229627fd762bc67a3e
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_arm.deb
        Size/MD5 checksum:   255602 9da2dc9c312cf7901f7aeb1f710e507f
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_armel.deb
        Size/MD5 checksum:   120734 b71745bf5877be82a349885592037d78
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_armel.deb
        Size/MD5 checksum:   282114 cc3def69b457c54f2e13bd6c57090477
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_armel.deb
        Size/MD5 checksum:   258072 62328078c188bc87f5039c2e5a9b5674
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_hppa.deb
        Size/MD5 checksum:   141442 eec30b4a587f8f93eda26b9376bb34e3
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_hppa.deb
        Size/MD5 checksum:   285916 43fac9fb0eaa79036d9b302db5521781
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_hppa.deb
        Size/MD5 checksum:   279668 db56b3a1adbdedc308936e6ef50f5260
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_i386.deb
        Size/MD5 checksum:   259796 f36c9a52738ee56aedd05e18461e0c1f
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_i386.deb
        Size/MD5 checksum:   124188 adff22c50d9a64ed8bf7b6e2c2edc992
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_i386.deb
        Size/MD5 checksum:   281648 9896df215653b33de9ce1f8529c1daea
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_ia64.deb
        Size/MD5 checksum:   331678 5055f6bcbcbb72a48b9c15f21149fee9
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_ia64.deb
        Size/MD5 checksum:   271188 3e12dcca1457d95601c2d4991e9981f9
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_ia64.deb
        Size/MD5 checksum:   184152 3575ec187b5219f9c71c6eee5a5474a0
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mips.deb
        Size/MD5 checksum:   296890 5f45b168d496b884c79bfb5c46462d5f
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mips.deb
        Size/MD5 checksum:   279162 0b5e93aabae4bfc387c7093153abbec2
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mips.deb
        Size/MD5 checksum:   126054 5e484999ac3044b87656dd46115f63a1
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mipsel.deb
        Size/MD5 checksum:   291178 fd5a7aded6225e30eedf987f44a16fea
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mipsel.deb
        Size/MD5 checksum:   277004 a4f26928866934db999796be4012a7a2
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mipsel.deb
        Size/MD5 checksum:   125256 71836594904db6f154ac3eb89cbbfddb
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_powerpc.deb
        Size/MD5 checksum:   268738 5daed1f2d5921e736c7f15d6727b8959
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_powerpc.deb
        Size/MD5 checksum:   139154 34b602d43792afbf7f2ccde07d0687bf
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_powerpc.deb
        Size/MD5 checksum:   292090 e6a310b883c7aa5b6f72bf0cc0683305
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_s390.deb
        Size/MD5 checksum:   275458 50b5bf15fe31a8d6668fe018d7062ad8
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_s390.deb
        Size/MD5 checksum:   142530 b9a983def8be1e116f9736564e49162f
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_s390.deb
        Size/MD5 checksum:   295420 f3c3352862c2390f8c03724f77cf1158
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_sparc.deb
        Size/MD5 checksum:   119318 cc152c3f1a1f625bfcbc72ea92cdd953
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_sparc.deb
        Size/MD5 checksum:   266168 55a3913c9d30a8b0c1639e999e4c3582
      http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_sparc.deb
        Size/MD5 checksum:   253360 d8969537d73b20300591d3d956b5b301
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.