Linux Security

Debian: DSA-2106-2: New xulrunner packages fix regression

Date 19 Sep 2010
Posted By LinuxSecurity Advisories
DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below.

------------------------------------------------------------------------
Debian Security Advisory DSA-2106-2                       Stefan Fritsch
September 19, 2010
------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169

DSA-2106-1 introduced a regression that could lead to an application
crash.  This update fixes this problem.  For reference, the text of
the original advisory is provided below.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

- Implementation errors in XUL processing allow the execution of
  arbitrary code (CVE-2010-2760, CVE-2010-3167, CVE-2010-3168)

- An implementation error in the XPCSafeJSObjectWrapper wrapper allows
  the bypass of the same origin policy (CVE-2010-2763)

- An integer overflow in frame handling allows the execution of
  arbitrary code (CVE-2010-2765)

- An implementation error in DOM handling allows the execution of
  arbitrary code (CVE-2010-2766)

- Incorrect pointer handling in the plugin code allows the execution of
  arbitrary code (CVE-2010-2767)

- Incorrect handling of an object tag may lead to the bypass of cross
  site scripting filters (CVE-2010-2768)

- Incorrect copy and paste handling could lead to cross site scripting

- Crashes in the layout engine may lead to the execution of arbitrary
  code (CVE-2010-3169)

For the stable distribution (lenny), the problem has been fixed in 
version The packages for the mips architecture are not
included in this update. They will be released as soon as they become

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and
