Bug 344201 - <www-client/chromium-7.0.517.44 multiple vulnerabilities (CVE-2010-{4199,4201,4202,4205})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-04 21:02 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-09-11 00:14 UTC

See Also:
Package list:
Runtime testing required: ---


Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-11-04 21:02:19 UTC
See the release notes at http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

Some details:

[51602] High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).
[$1000] [55257] High Memory corruption with enormous text area. Credit to wushi of team509.
[$1000] [58657] High Bad cast with the SVG use element. Credit to the kuzzcc.
[$1000] [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com).
[$500] [58741] High Use-after-free in text control selections. Credit to “vkouchna”.
[$1000] [Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
[$1000] [60055] High Memory corruption in libvpx. Credit to Christoph Diehl.
[$500] [60238] High Bad use of destroyed frame object. Credit to various developers, including “gundlach”.
[$500] [60327] [60769] [61255] High Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno).
[$1000] [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509.

You can read more about the severity ratings at
http://sites.google.com/a/chromium.org/dev/developers/severity-guidelines . I
suggest rating it B2 on the Gentoo scale.

Arches, please test and stabilize =www-client/chromium-7.0.517.44
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2010-11-05 01:52:16 UTC
x86 stable 
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2010-11-05 03:10:41 UTC
amd64 done
Comment 3 Agostino Sarubbo gentoo-dev 2010-11-05 09:03:31 UTC
well also for me on amd64
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-12-18 00:06:58 UTC
GLSA 201012-01, thanks everyone.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:14:12 UTC
CVE-2010-4205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4205):
  Google Chrome before 7.0.517.44 does not properly handle the data types of
  event objects, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors.

CVE-2010-4202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4202):
  Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via a crafted font.

CVE-2010-4201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4201):
  Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving text control selections.

CVE-2010-4199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4199):
  Google Chrome before 7.0.517.44 does not properly perform a cast of an
  unspecified variable during processing of an SVG use element, which allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via a crafted SVG document.