Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 407755 (CVE-2011-3047) - <www-client/chromium-17.0.963.79: Errant plug-in load and GPU process memory corruption (CVE-2011-3047)
Summary: <www-client/chromium-17.0.963.79: Errant plug-in load and GPU process memory ...
Status: RESOLVED FIXED
Alias: CVE-2011-3047
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-11 03:48 UTC by Mike Gilbert
Modified: 2012-03-25 16:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2012-03-11 03:48:33 UTC
Here's the (hopefully last) daily security bump for Chromium.
Comment 1 Mike Gilbert gentoo-dev 2012-03-11 03:50:34 UTC
Please stabilize =www-client/chromium-17.0.963.79.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-11 11:58:40 UTC
x86 stable
Comment 3 Richard Freeman gentoo-dev 2012-03-11 13:23:59 UTC
amd64 stable.  

Wonder if we can get emerge or genlop to output the number of digits of pi I could have calculated in the time spent building this over the last week...
Comment 4 Tanktalus 2012-03-11 14:05:29 UTC
And this version doesn't load *any* plug-ins.  I'm not sure that's an improvement.
Comment 5 Tanktalus 2012-03-11 14:19:21 UTC
Sorry, ignore that.  Apparently, chrome left itself loaded and that caused the disagreement.  When I figured that out, and couldn't find where the windows were, I pkilled it (a few times) to force a proper reload.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-11 14:49:29 UTC
Thanks, everyone. Already on a GLSA draft.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-03-22 17:07:06 UTC
CVE-2011-3047 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3047):
  The GPU process in Google Chrome before 17.0.963.79 allows remote attackers
  to execute arbitrary code or cause a denial of service (memory corruption)
  by leveraging an error in the plug-in loading mechanism.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-03-25 16:08:00 UTC
This issue was resolved and addressed in
 GLSA 201203-19 at http://security.gentoo.org/glsa/glsa-201203-19.xml
by GLSA coordinator Tim Sammut (underling).