Linux Security

    Debian: DSA-2106-2: New xulrunner packages fix regression

    Date 19 Sep 2010
    Posted By LinuxSecurity Advisories
    DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below.
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2106-2                              Stefan Fritsch
    September 19, 2010
    ------------------------------------------------------------------------
    Package        : xulrunner
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169
    DSA-2106-1 introduced a regression that could lead to an application
    crash.  This update fixes this problem.  For reference, the text of
    the original advisory is provided below.
    Several remote vulnerabilities have been discovered in Xulrunner, a
    runtime environment for XUL applications. The Common Vulnerabilities
    and Exposures project identifies the following problems:
    - Implementation errors in XUL processing allow the execution of
      arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)
    - An implementation error in the XPCSafeJSObjectWrapper wrapper allows
      the bypass of the same origin policy (CVE-2010-2763)
    - An integer overflow in frame handling allows the execution of
      arbitrary code (CVE-2010-2765)
    - An implementation error in DOM handling allows the execution of
      arbitrary code (CVE-2010-2766)
    - Incorrect pointer handling in the plugin code allows the execution of
      arbitrary code (CVE-2010-2767)
    - Incorrect handling of an object tag may lead to the bypass of cross
      site scripting filters (CVE-2010-2768)
    - Incorrect copy and paste handling could lead to cross site scripting
    - Crashes in the layout engine may lead to the execution of arbitrary
      code (CVE-2010-3169)
    For the stable distribution (lenny), the problem has been fixed in 
    version The packages for the mips architecture are not
    included in this update. They will be released as soon as they become
    We recommend that you upgrade your xulrunner packages.
    Upgrade instructions
    --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list:
    Package info: `apt-cache show ' and

