Debian: xulrunner fix several vulnerabilities DSA-1615-1
Summary
It was discovered that missing boundary checks on a reference
counter for CSS objects can lead to the execution of arbitrary code.
CVE-2008-2798
Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of
arbitrary code.
CVE-2008-2799
Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in
the Javascript engine, which might allow the execution of arbitrary code.
CVE-2008-2800
"moz_bug_r_a4" discovered several cross-site scripting vulnerabilities.
CVE-2008-2801
Collin Jackson and Adam Barth discovered that Javascript code
could be executed in the context of signed JAR archives.
CVE-2008-2802
"moz_bug_r_a4" discovered that XUL documents can escalate
privileges by accessing the pre-compiled "fastload" file.
CVE-2008-2803
"moz_bug_r_a4" discovered that missing input sanitising in the
mozIJSSubScriptLoader.loadSubScript() function could lead to the
execution of arbitrary code. Iceweasel itself is not affected, but
some addons are.
CVE-2008-2805
Claudio Santambrogio discovered that missing access validation in
DOM parsing allows malicious web sites to force the browser to
upload local files to the server, which could lead to information
disclosure.
CVE-2008-2807
Daniel Glazman discovered that a programming error in the code for
parsing .properties files could lead to memory content being
exposed to addons, which could lead to information disclosure.
CVE-2008-2808
Masahiro Yamada discovered that file URLs in directory listings
were insufficiently escaped.
CVE-2008-2809
John G. Myers, Frank Benkstein and Nils Toedtmann discovered that
alternate names on self-signed certificates were handled
insufficiently, which could lead to spoofing of secure connections.
CVE-2008-2811
Greg McManus discovered a crash in the block reflow
code, which might allow the execution of arbitrary code.
CVE-2008-2933
Billy Rios discovered that passing a URL containing a pipe symbol
to Iceweasel can lead to Chrome privilege escalation.
For the stable distribution (etch), these problems have been fixed in
version 1.8.0.15~pre080614d-0etch1.
For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.1-1.
We recommend that you upgrade your xulrunner packages.
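Checking whether a host already carries the fix means comparing its installed version against the fixed versions above using Debian's version ordering, in which `~` sorts before everything else, so a plain string comparison misjudges 1.8.0.15~pre080614d-0etch1. The following Python is an added example, not part of the advisory; the host inventory, its version strings other than the two fixed versions, and the function names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions stated in the advisory, keyed by distribution.
FIXED = {"etch": "1.8.0.15~pre080614d-0etch1", "sid": "1.9.0.1-1"}
# Splits a string into alternating (non-digit run, digit run) pairs.
_RUNS = re.compile(r"([^0-9]*)([0-9]*)").findall

def _order(c):
    # Weight inside a non-digit run: '~' < end of run (0) < letters < other chars.
    if c == "~":
        return -1
    return ord(c) if c.isascii() and c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings using Debian's ordering rules."""
    for (ta, na), (tb, nb) in zip_longest(_RUNS(a), _RUNS(b), fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb):
            diff = (_order(ca) if ca else 0) - (_order(cb) if cb else 0)
            if diff:
                return -1 if diff < 0 else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    # epoch is before the first ':', revision after the last '-'; both optional.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(hosts):
    """Hosts whose installed xulrunner is older than their distribution's fix."""
    return sorted(h for h, (dist, ver) in hosts.items() if compare(ver, FIXED[dist]) < 0)

# Constructed inventory (host -> (distribution, installed version)); not from the advisory.
HOSTS = {
    "web1": ("etch", "1.8.0.15~pre080323b-0etch2"),  # older snapshot
    "web2": ("etch", "1.8.0.15~pre080614d-0etch1"),  # the fixed version
    "dev1": ("etch", "1.8.0.15-1"),                  # newer: no '~' suffix
    "dev2": ("sid", "1.9~rc2-5"),                    # pre-release of 1.9
}
print(needs_upgrade(HOSTS))  # hosts still needing the update
```

On a Debian system the same comparison is available as `dpkg --compare-versions`, which should be preferred over a reimplementation when dpkg is present.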
Upgrade instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Source archives:
Architecture independent packages:
alpha architecture (DEC Alpha)
amd64 architecture (AMD x86_64 (AMD64))
arm architecture (ARM)
hppa architecture (HP PA RISC)
i386 architecture (Intel ia32)
ia64 architecture (Intel ia64)
mips architecture (MIPS (Big Endian))
mipsel architecture (MIPS (Little Endian))
powerpc architecture (PowerPC)
s390 architecture (IBM S/390)
sparc architecture (Sun SPARC/UltraSPARC)
These files will probably be moved into the stable distribution on
its next update.
For dpkg-ftp: dists/stable/updates/main