Summary: | <www-client/chromium-6.0.472.62 multiple vulnerabilities (CVE-2010-{1822,3729,3730}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2010-09-20 16:27:19 UTC
amd64 stable (a very small number of changes, and several hours of compiling, later...) I tested it on x86, it looks good to go over here! +1 x86 x86 stable, all arches done. GLSA with bug 326717. GLSA 201012-01, thanks everyone. CVE-2010-3730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3730): Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. CVE-2010-3729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3729): The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. CVE-2010-1822 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1822): WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. |