Bug 365125 (CVE-2011-1303) - <www-client/chromium-11.0.696.57: multiple vulnerabilities (CVE-2011-{1303,1304,1305,1434,1435,1436,1437,1438,1439,1440,1441,1442,1443,1444,1445,1446,1447,1448,1449,1450,1451,1452,1454})
Status: RESOLVED FIXED
Alias: CVE-2011-1303
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All
OS: Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B1 [glsa]
Reported: 2011-04-27 19:23 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-09-11 00:29 UTC (History)
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-04-27 19:23:45 UTC
Release notes: http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Synopsis:

Multiple vulnerabilities have been reported in Chromium that may
allow user-assisted execution of arbitrary code, Denial of Service, privilege escalation, information leak, same-origin policy violation and URL bar spoofing.

Impact:

A remote attacker could entice a user to visit a specially crafted web page and/or perform a set of UI actions that would trigger one of the vulnerabilities, leading to execution of arbitrary code, Denial of Service, privilege escalation, information leak, same-origin policy violation and URL bar spoofing.

Arches, please stabilize =www-client/chromium-11.0.696.57
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-04-27 19:24:43 UTC
Rating B1 because local root privilege escalation might be possible (the sandbox binary is SUID root).
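A quick local check that follows from the description and comment 1, added here as an example (it is not tooling from this bug, from Gentoo or from the Chromium project): compare an installed Chromium version against the fixed release 11.0.696.57 with a field-by-field numeric comparison (a plain string compare gets 10.0.648.205 vs 11.0.696.57 wrong), and confirm whether the sandbox helper really is set-user-ID root, which is what turns the CVE-2011-1444 launcher race from a renderer issue into a local-root concern. The sandbox path used in the usage line is an assumption for illustration; check your own install.

```sh
#!/bin/sh
# Added example, not from this bug or from Gentoo's tooling.
# Checks whether a Chromium build predates the fixed release and whether
# its SUID sandbox helper is actually set-user-ID root.

FIXED_VERSION="11.0.696.57"

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B.
# Compares dotted purely numeric versions field by field; missing trailing
# fields count as 0 (so 11.0 equals 11.0.0.0).
vercmp() {
    vc_a="$1"; vc_b="$2"
    while [ -n "$vc_a" ] || [ -n "$vc_b" ]; do
        vc_ai="${vc_a%%.*}"; vc_bi="${vc_b%%.*}"
        # Strip the field just read (and its dot); clear if it was the last one.
        if [ "$vc_ai" = "$vc_a" ]; then vc_a=""; else vc_a="${vc_a#*.}"; fi
        if [ "$vc_bi" = "$vc_b" ]; then vc_b=""; else vc_b="${vc_b#*.}"; fi
        vc_ai="${vc_ai:-0}"; vc_bi="${vc_bi:-0}"
        if [ "$vc_ai" -lt "$vc_bi" ]; then echo -1; return; fi
        if [ "$vc_ai" -gt "$vc_bi" ]; then echo 1; return; fi
    done
    echo 0
}

# chromium_is_vulnerable VERSION: exit 0 when VERSION is older than
# 11.0.696.57. Accepts a Gentoo package version such as 11.0.696.57-r1;
# the -rN revision is dropped before comparing.
chromium_is_vulnerable() {
    civ_v="${1%%-*}"
    [ "$(vercmp "$civ_v" "$FIXED_VERSION")" -lt 0 ]
}

# sandbox_is_suid_root PATH: exit 0 when PATH exists, is owned by root and
# has the set-user-ID bit, i.e. the configuration comment 1 refers to.
# -prune keeps find from descending if PATH is unexpectedly a directory.
sandbox_is_suid_root() {
    [ -n "$(find "$1" -prune -user root -perm -4000 2>/dev/null)" ]
}

# report VERSION SANDBOX_PATH: print a one-line verdict for each check.
report() {
    r_ver="$1"; r_sb="$2"
    if chromium_is_vulnerable "$r_ver"; then
        echo "chromium-$r_ver: VULNERABLE, older than $FIXED_VERSION"
    else
        echo "chromium-$r_ver: not affected by this bug"
    fi
    if sandbox_is_suid_root "$r_sb"; then
        echo "$r_sb: SUID root (CVE-2011-1444 launcher race is a local-root risk)"
    else
        echo "$r_sb: not SUID root, or not present"
    fi
}

# Usage: ./chromium-check.sh VERSION SANDBOX_PATH
# e.g.   ./chromium-check.sh 11.0.672.9999 /usr/libexec/chromium-browser/chrome_sandbox
# (the version above is a constructed value and the path is an assumption;
# on Gentoo, `ls /var/db/pkg/www-client/` shows the installed version)
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

The version comparison is deliberately strict about numeric fields: Chromium's four-part versions are always numeric, and refusing anything else is better than a silent lexical compare that would call 9.x newer than 11.x.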
Comment 2 Agostino Sarubbo gentoo-dev 2011-04-28 02:31:23 UTC
works here as usual
Comment 3 Andreas Schürch gentoo-dev 2011-04-28 12:25:39 UTC
Looks good here on x86 also.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2011-04-28 16:11:23 UTC
amd64 done. Thanks Agostino
Comment 5 Thomas Kahle (RETIRED) gentoo-dev 2011-04-29 14:32:52 UTC
x86 stable. Thanks Andreas
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2011-04-29 15:37:04 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:07 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2011-11-02 08:20:57 UTC
CVE-2011-1444 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1444):
  Race condition in the sandbox launcher implementation in Google Chrome
  before 11.0.696.57 on Linux allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:29:43 UTC
CVE-2011-1454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1454):
  Use-after-free vulnerability in the DOM id handling functionality in Google
  Chrome before 11.0.696.57 allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via a crafted HTML
  document.

CVE-2011-1452 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1452):
  Google Chrome before 11.0.696.57 allows user-assisted remote attackers to
  spoof the URL bar via vectors involving a redirect and a manual reload.

CVE-2011-1451 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1451):
  Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to "dangling
  pointers."

CVE-2011-1450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1450):
  Google Chrome before 11.0.696.57 does not properly present file dialogs,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to "dangling
  pointers."

CVE-2011-1449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1449):
  Use-after-free vulnerability in the WebSockets implementation in Google
  Chrome before 11.0.696.57 allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1448):
  Google Chrome before 11.0.696.57 does not properly perform height
  calculations, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors that lead to a
  "stale pointer."

CVE-2011-1447 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1447):
  Google Chrome before 11.0.696.57 does not properly handle drop-down lists,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1446 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1446):
  Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL
  bar via vectors involving (1) a navigation error or (2) an interrupted load.

CVE-2011-1445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1445):
  Google Chrome before 11.0.696.57 does not properly handle SVG documents,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-1443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1443):
  Google Chrome before 11.0.696.57 does not properly implement layering, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to "stale pointers."

CVE-2011-1442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1442):
  Google Chrome before 11.0.696.57 does not properly handle mutation events,
  which allows remote attackers to cause a denial of service (node tree
  corruption) or possibly have unspecified other impact via unknown vectors.

CVE-2011-1441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1441):
  Google Chrome before 11.0.696.57 does not properly perform a cast of an
  unspecified variable during handling of floating select lists, which allows
  remote attackers to cause a denial of service or possibly have unknown other
  impact via a crafted HTML document.

CVE-2011-1440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1440):
  Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to the ruby element and Cascading Style
  Sheets (CSS) token sequences.

CVE-2011-1439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1439):
  Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer
  processes, which has unspecified impact and remote attack vectors.

CVE-2011-1438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1438):
  Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same
  Origin Policy via vectors involving blobs.

CVE-2011-1437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1437):
  Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to float rendering.

CVE-2011-1436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1436):
  Google Chrome before 11.0.696.57 on Linux does not properly interact with
  the X Window System, which allows remote attackers to cause a denial of
  service (application crash) via unspecified vectors.

CVE-2011-1435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1435):
  Google Chrome before 11.0.696.57 does not properly implement the tabs
  permission for extensions, which allows remote attackers to read local files
  via a crafted extension.

CVE-2011-1434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1434):
  Google Chrome before 11.0.696.57 does not ensure thread safety during
  handling of MIME data, which allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors.

CVE-2011-1305 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1305):
  Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to linked lists and a database.

CVE-2011-1304 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1304):
  Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote
  attackers to bypass the pop-up blocker via vectors related to plug-ins.

CVE-2011-1303 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1303):
  Google Chrome before 11.0.696.57 does not properly handle floating objects,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."