Säkerhetsbulletin från Debian
DSA-1751-1 xulrunner -- flera sårbarheter
- Rapporterat den:
- 2009-03-22
- Berörda paket:
- xulrunner
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776.
- Ytterligare information:
-
Flera utifrån nåbara sårbarheter har upptäckts i Xulrunner, en körtidsmiljö för XUL-applikationer, såsom webbläsaren Iceweasel. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2009-0771
Martijn Wargers, Jesse Ruderman och Josh Soref upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-0772
Jesse Ruderman upptäckte krascher i layoutmotorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-0773
Gary Kwong och Timothee Groleau upptäckte krascher i Javascript-motorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-0774
Gary Kwong upptäckte krascher i Javascript-motorn, som kan tillåta exekvering av godtycklig kod.
- CVE-2009-0775
Det upptäcktes att felaktig minneshantering i DOM-elementhantering kan leda till exekvering av godtycklig kod.
- CVE-2009-0776
Georgi Guninski upptäckte en kränkning av samma-ursprungs-policyn genom RDFXMLDataSource och serveröverskridande omdirigeringar.
Precis som nämndes i versionsfakta för Etch, behövdes säkerhetsstödet för Mozilla-produkterna i den gamla stabila utgåvan avslutas innan slutet av den ordinarie livscykeln för säkerhetsarbetet för Etch. Ni uppmanas starkt att uppgradera till den stabila utgåvan eller byta till en webbläsare som fortfarande stöds.
För den stabila utgåvan (Lenny) har dessa problem rättats i version 1.9.0.7-0lenny1.
För den instabila utgåvan (Sid) har dessa problem rättats i version 1.9.0.7-1.
Vi rekommenderar att ni uppgraderar era xulrunner-paket.
- CVE-2009-0771
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.diff.gz
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.dsc
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.dsc
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_arm.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_armel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_i386.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mips.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_s390.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_sparc.deb
- http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.