Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.1063 -- [Debian] New xulrunner packages fix several vulnerabilities 24 November 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: xulrunner Publisher: Debian Operating System: Debian GNU/Linux 4.0 Impact: Execute Arbitrary Code/Commands Read-only Data Access Cross-site Scripting Provide Misleading Information Reduced Security Access: Remote/Unauthenticated CVE Names: CVE-2008-5024 CVE-2008-5023 CVE-2008-5022 CVE-2008-5021 CVE-2008-5018 CVE-2008-5017 CVE-2008-5014 CVE-2008-5013 CVE-2008-5012 CVE-2008-4582 CVE-2008-4069 CVE-2008-4068 CVE-2008-4067 CVE-2008-4066 CVE-2008-4065 CVE-2008-4062 CVE-2008-4061 CVE-2008-4060 CVE-2008-4059 CVE-2008-4058 CVE-2008-3837 CVE-2008-3836 CVE-2008-3835 CVE-2008-0017 CVE-2008-0016 Ref: AL-2008.0114 AL-2008.0099 Original Bulletin: http://www.debian.org/security/2008/dsa-1669 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-1669-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 23, 2008 http://www.debian.org/security/faq - - ------------------------------------------------------------------------ Package : xulrunner Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4066 Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. For the stable distribution (etch), these problems have been fixed in version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided later. For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 1.9.0.4-1. We recommend that you upgrade your xulrunner packages. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz Size/MD5 checksum: 43763318 269ce29df92d5053f6d0fc659717c18b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz Size/MD5 checksum: 144529 7f517d4bd904df70b6ead61c85e5eb71 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.dsc Size/MD5 checksum: 1984 2f56bfad80749a3af01a185cfc3a19e5 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 37108 ac110712c554bc90e6156ddf375c20e6 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 231230 75b9b3c909279253b358fe73c87ae920 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 176254 6bffe2de1c86a23ea69141da310df072 http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 37070 a83bac43079f44db9c6a8ba23638481a http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 2637220 39ab7259a30e82173bd736ff4d26b366 http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 1051896 e9a4021391f5153eaca415b5f6e93fe6 http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 1032080 388688d0bfcb0a5c4abde96f9fb24c98 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb Size/MD5 checksum: 207752 516386bf8588e6210ac121d38cc67308 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 292440 187aad52fc63d5fdca6521359b6a360a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 386628 536f366c637868a9f27746f776d37a31 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 7346254 4b946a8f3cde017ff0580a9a97687e7e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 765180 673c7bd51731495926293ff92301b327 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 739026 d96d09c1ecbf280a77ee5f4fe4a7d1a3 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 3188906 5cfc3218c50b909a4e64e06d09774224 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 53106 20768cf8e831ad71f45cccb657eb3448 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 71212 0f8fe3e84b4faf38d25347f3dfdc463d http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 302616 01109cc8d78492dbbbcbad4756255e8b http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 162612 9af11053277aa8398ed4852890076b41 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 129930 7b03aa5bcfb76b15d860621806ffbccb http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 905638 3a558f50e394d109e4d306559b48283a http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb Size/MD5 checksum: 46017420 d5f238086f7f77270d31a3d34c4b9a35 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 3177838 69775ab87c4c2677faf2fbe8ed1c4617 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 148946 d179d55f788e6fbaf2259446d79c342c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 356028 7e6147ae3531fb175cdf637a25f4dc33 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 126632 7795ccbd3edeb72623450ec3b0c407f9 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 810296 09a7217cbe1b1180c71ae7b16a306747 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 69360 2e6a6559a22ce55f2b6b9331b0bfbd68 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 755560 ade61fc66030701ba9d62086288403bf http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 278728 9124a96cd6b202d076a35829b542f6f6 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 6343406 7683694615827e8674c59034978b86b1 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 671010 7984141447417ad48f657e5752a197c5 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 45217322 e18a8c41099328f6979c27614a81b83c http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 53340 803733e356f2f74037a6f3a7d9a4a91f http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb Size/MD5 checksum: 304624 36ced9e2336ccaa648a15c76707f8645 arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 50992 e655c2956e96e317f0a32c4122b34d3b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 732278 0f2bce0bc1d0b13b36c5b45465516b04 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 44746676 980a58b4e66d48cb8e913a3846081001 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 5368942 8a6560e2302db9686218205d5c347e16 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 290778 305d1c3d9f893d75d6b92e7b02819bdb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 63054 72ef44af146319f439a44197b7d4743a http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 594214 7c6d64740f289185389b15b790d645ad http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 2969882 9acb7cc81292692bedc12f523fb25f19 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 119110 249f11b4d5c08aa5d1bd4d74221e0c38 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 136886 ce4ac4ba2050790518c8528c2a415f02 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 326184 5c4f59cedea7db6e7dd5d9a9522c24c7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 260186 a9ac930957d7416cc7a160b6044f96b3 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb Size/MD5 checksum: 705170 fbdb65410c70fa8805ce72c0c97c179b hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 302322 61f8282f8cd276c69d24fa6824761a4e http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 703692 06452f715efa7e66c5d22e3866db2c0e http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 46134820 cd29259ebf9caf9dca35560e806f984b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 53462 27cc05a50b56afbe49b5fa3b30672e58 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 390962 9fed7a335de83d6333b1c2e5c9bedfea http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 161670 b9c1c8bfdf1db386d301dbb03d5c403c http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 7552110 91b773e5373158755289930d39ff7470 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 132130 8a5c0d6d99049ab1a499c584a602d7dc http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 753050 bc5f4f2723836580fbfbaed5a71272b1 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 287828 b0a84eacece17a811defbb7b30c757f7 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 3104660 47ab34d7126c8f64cbaa269f7a2afdd4 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 70902 67634b0f71a03fd87476396172ccffe7 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb Size/MD5 checksum: 874810 ae271a1ca58484ddf43ba14d66387a06 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 5383100 25dfd28aef781b5ca352f0232aa211e9 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 63834 2691c48af147f802e684e030d3e04701 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 44696504 d3f45db182ee59de39c86b5ea12ad01a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 714892 13951abf0a2c9030ed8ff163f6259351 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 296446 b8a9da32c6184afac2f6649ce8ad5847 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 139824 13cb243ffadc155900abb00835a6507b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 3033280 705838b8f872cd335ce180cbad03cdb1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 337086 87db12ec21885f3833560b334e1af3e4 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 50868 707ae35a901c3e9ae1ec40c3c00f7921 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 742916 bd2ff5be8f3a94deaf104bafe477a9d3 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 118548 8ce74f7ef876172271c72c3c411cbd33 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 267924 7d8bcf96f9244594b9a937b6224fa097 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb Size/MD5 checksum: 628432 e109e6b6aa054ced99a8844df67ced17 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 150698 ab8c0d92e7ac8bb48b604d6ea36197e4 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 287530 c9db22cd56cc17dd619cbd95b3b45075 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 532996 b7c0eadd7ddd85642c761e29cf7cafc3 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 755714 eae62df93df4e8bb5f0deda5dd4ec4e9 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 3051824 e516b3a4601b8350faeff14a47b298b2 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 334028 3a0cc332ff6b095193b7c70952d13532 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 45437166 c3a164f9d48b0c96277be51a441915dd http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 1121458 5f97e14d0837fc02241fec88c81f706a http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 80872 a36655812bc3600a00ada31f7b5af8d7 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 9685646 1ec5fef153646e888c1e28c306e0edae http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 57870 97e42348ab45451378fd360df57ee996 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 198742 bbba497dfc3b9e556082c6357e3dfde5 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb Size/MD5 checksum: 937264 e538ce36bc43ed941394d13ee0d52a53 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 274964 8cc829f5a01dabeb02357a57f26de510 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 65170 7ca8f4598376b9e35cf62096cd0663aa http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 785530 464969451374f49191184fdd78363633 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 351424 21b9b17a786ee9e8a28bff8e2cb7b067 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 3187334 da69f74749bc9d111d4a1e4597b7a075 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 52554 fd3706c6cfccb0442e3b092e184adfbb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 118606 3f78ef107edbf118d6da0a504b1a6c90 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 5756448 5d27b51600c5aecf30d82872ea5ef976 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 670678 861a749803d3906cd21d77e8f45ecae6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 305782 739ba0f2bcb1c8204734225044648734 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 45367986 ff5cbe1732d1dae74bb822119d86a925 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 766946 438965e5962147e88570d0f0502b43fd http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb Size/MD5 checksum: 146350 3cdb4a00d928cd6d222841d961edcaf8 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 124684 defd7a2555c14d3a0f06c971bea7a451 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 810014 20a1a9dbf4a3ad3eb8fd0d35ee64342f http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 46948440 e99e9c17fe4fff09ffa231ab61344926 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 3207304 106c8e04e7e69a403629a08113af60b1 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 53822 06e6021788dfa6ed42f73c42dc42d4c6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 148102 9ee04ff3dbad84bebf8536adf942da51 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 279498 2a91ba4052440b688a084142034094b2 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 350088 2cdf2cc81b27d7ecab9c8045f9fa3f4c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 774852 68f4364621232a4ccaf379739fe90844 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 640770 caf3b284405fe5c5c630aa3079b03a98 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 65030 1fb0c63b382b718542a93f6a5044c5dd http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 6111652 8084da84956a7dd10fb41a748571d1ce http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb Size/MD5 checksum: 311138 dd2cdb789b213198e2d07793ff6cda7d s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 372540 2a5ba267a8fe0873efd38cd4b7901cc6 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 282950 45ee96102546cd3721b3035fa66625d5 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 127476 c84ebe0a16a997feec58a7e4b8cb680e http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 6815988 904ffedb7cf2d3951fa3ba419db97bf8 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 688656 68fe7ceca84ad73d3af368cafcc8bb8d http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 3182688 e31c62d66bbc8c56803ad26bebdd759b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 54072 143164871ff9749b6b6b4430cb32041b http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 756986 e369095cb45670013a7842c16e4b705d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 69980 9d100c8a6ce21bf7072068084fb0d686 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 306772 7d5c5de6d3b220c4ed01f0f41fdee5bc http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 899720 3ac2e0a53da7a24c693705e38222063e http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 160818 24d85411a0b362051bf4a01071b62fba http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb Size/MD5 checksum: 46082350 b519a68a5f31a04f0f5e236845487bde sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 719922 5bc9efc37cef094718adb36d5a016179 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 676172 b0241dcaf3f7153dc9145a9c5babe787 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 63314 4e65fa183e0e12f543d0eb669c6d670d http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 51986 303f9de96490f0633aab95306fe30f05 http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 586488 6236e767259e06e3d3b4c062ee6362a2 http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 44786670 07e5e02fced64c2303043cffa255a4ee http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 5691050 3f4e9e5e4feff6a386094101820c9f11 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 323786 ec3a7690b2e154e51132d1983a72be3b http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 2854664 214407a606e9b94ab300ea306d1c0e18 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 136908 be6e397388eb412bcbf9ec6a014b00f5 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 118720 346aa123c24a426716a1576c3c285dc6 http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 284372 63ba1195ae71a92c6b780004c0c7e2da http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb Size/MD5 checksum: 261348 690d1985e4d4cd1c5b076e76af55ac84 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkpvOsACgkQXm3vHE4uylqk/QCfcUJ0bKTZiaUbBByKV0IMMfn0 jScAoMccp5hon5x17e34NnJzW8aJGMDb =ZybD - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBSSob/Sh9+71yA2DNAQJ5DQP5AcdU5ez/Gv62Et3P1+EprwzyStDMTTIp 8V5yGvcmA5xjpdABZRY+LaEE8y1/u4EVuyHzY6nr9Pg6S2+vDcAo3IzEDgh9FMZq w1LWvMLPYYlW0s+xA1FT7hQyDNLvFgth8nOY6n3UfJFH9FSQ5xfEQiCllw7cFOm7 LI/DX8Qps7Y= =Nr89 -----END PGP SIGNATURE-----