Linux Security

    Debian: DSA-2075-1: New xulrunner packages fix several vulnerabilities

    Date 27 Jul 2010
    Posted By LinuxSecurity Advisories
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2075-1                  Moritz Muehlenhoff
    July 27, 2010
    ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems:
        Wladimir Palant discovered that security checks in XML processing
        were insufficiently enforced.
        Chris Evans discovered that insecure CSS handling could lead to
        reading data across domain boundaries.
        Aki Helin discovered a buffer overflow in the internal copy of
        libpng, which could lead to the execution of arbitrary code.
        "regenrecht" discovered that incorrect memory handling in DOM
        parsing could lead to the execution of arbitrary code.
        Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary
        Kwong, Tobias Markus and Daniel Holbert discovered crashes in the
        layout engine, which might allow the execution of arbitrary code.
        "JS3" discovered an integer overflow in the plugin code, which
        could lead to the execution of arbitrary code.
        Jordi Chancel discovered that the location could be spoofed to
        appear like a secured page.
        "regenrecht" discovered that incorrect memory handling in XUL
        parsing could lead to the execution of arbitrary code.
        Soroush Dalili discovered an information leak in script processing.
    For the stable distribution (lenny), these problems have been fixed in
    For the unstable distribution (sid), these problems have been fixed in
    For the experimental distribution, these problems have been fixed in
    We recommend that you upgrade your xulrunner packages.
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
