Summary: | <www-client/chromium-9.0.597.94: multiple vulnerabilities (CVE-2011-{0981,0982,0983,0984,0985}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-02-08 18:02:41 UTC
chromium-9.0.597.94 is in CVS now (In reply to comment #1) > chromium-9.0.597.94 is in CVS now > Great, thank you. Arches, please test and mark stable: =www-client/chromium-9.0.597.94 Target keywords : "amd64 x86" works for me on amd64 amd64 done. Thanks Agostino x86 stable Thanks, folks. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). CVE-2011-0985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0985): Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. CVE-2011-0984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0984): Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-0983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0983): Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0982): Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces. CVE-2011-0981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0981): Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." |