Bug 325451 - <www-client/chromium-5.0.375.86: Multiple vulnerabilities
Summary: <www-client/chromium-5.0.375.86: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Reported: 2010-06-25 05:39 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2010-12-18 00:05 UTC
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-06-25 05:39:21 UTC
See the release notes at http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html . Copy-pasting the vulnerability information here.

[38105] Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
[43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
[43967] High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
[45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
[$500] [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE. 

Fixed ebuild (chromium-5.0.375.86) is already in the tree. Arch teams, please stabilize. Security, please prepare GLSA, and let me know if you need more info.
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-25 10:01:10 UTC
> Emanuele Gentili for regression discovery.

 Luckily he is not with us anymore. x86 stable
Comment 2 Christoph Mende (RETIRED) gentoo-dev 2010-06-25 20:15:30 UTC
amd64 stable
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-26 11:47:13 UTC
Also http://secunia.com/advisories/40351/ .

Impact mostly unspecified, so I'm rating this as B3.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-26 11:47:43 UTC
As such, I vote NO.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-06-26 14:22:37 UTC
Also see http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines

None of these is rated critical. I'm going to get more info on Monday.
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-06-28 17:31:59 UTC
[45267] High Memory error in video handling. Credit to Google Chrome Security
Team (Cris Neckar).

The above seems to be the most severe vulnerability, allowing a sandbox escape. Combined with another bug in the renderer it might allow remote code execution after enticing the user to visit a malicious website.

That might make you consider bumping the severity to B2.

[43322] Medium Memory error in video handling. Credit to Mark Dowd under
contract to Google Chrome Security Team.

Issue 43322 (see above) does not affect Gentoo, because we build with -Denable-gpu=0.
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-28 18:09:27 UTC
Thanks for the information, Paweł.
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-17 01:05:11 UTC
Chromium Herd has nothing to do here. The vulnerable versions are no longer in the tree.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2010-12-18 00:05:41 UTC
GLSA 201012-01, thanks everyone.