Linux Security

    Debian: DSA-2064-1: New xulrunner packages fix several vulnerabilities

    Date 27 Jun 2010
    Posted By LinuxSecurity Advisories
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2064-1                   Moritz Muehlenhoff
    June 27, 2010
    ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202

    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems:

        "wushi" discovered that incorrect pointer handling in the frame
        processing code could lead to the execution of arbitrary code.

        "Nils" discovered that an integer overflow in DOM node parsing could
        lead to the execution of arbitrary code.

        Ilja von Sprundel discovered that incorrect parsing of
        Content-Disposition headers could lead to cross-site scripting.

        Microsoft engineers discovered that incorrect memory handling in the
        interaction of browser plugins could lead to the execution of
        arbitrary code.

        Martin Barbella discovered that an integer overflow in XSLT node
        parsing could lead to the execution of arbitrary code.

        Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben
        Turner, Jonathan Kew and David Humphrey discovered crashes in the
        layout engine, which might allow the execution of arbitrary code.

        "boardraider" and "stedenon" discovered crashes in the layout engine,
        which might allow the execution of arbitrary code.

        Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes
        in the Javascript engine, which might allow the execution of arbitrary

    For the stable distribution (lenny), these problems have been fixed in
    For the unstable distribution (sid), these problems have been fixed in
    For the experimental distribution, these problems have been fixed in
    We recommend that you upgrade your xulrunner packages.
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
