Bug 356933

Summary: <www-client/chromium-9.0.597.107: multiple vulnerabilities (CVE-2011-{1107,1108,1109,1110,1111,1112,1113,1114,1115,1116,1117,1118,1119,1120,1121,1122,1123,1124,1125})
Product: Gentoo Security
Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chromium
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-01 07:44:43 UTC
Release notes: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html


At this moment we have no CVE numbers for the vulnerabilities described here.

Synopsis:

Multiple vulnerabilities have been reported in Chromium, some of which may
allow user-assisted execution of arbitrary code within the confines of the
sandbox.

Impact:

A remote attacker could entice a user to visit a specially-crafted web page
that would trigger one of the vulnerabilities, leading to execution of
arbitrary code within the confines of the sandbox, or a Denial of Service.

This release also fixes a URL bar spoofing attack (unspecified details).

There are some more vulnerabilities of unspecified impact, but none of them is critical:

[$500] [63732] High Crash with javascript dialogs.
[64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization.
[72214] High Accidental exposure of internal extension functions.

Arches, please test and mark stable: =www-client/chromium-9.0.597.107
Comment 1 Markos Chandras (RETIRED) gentoo-dev 2011-03-01 11:14:14 UTC
amd64 done
Comment 2 Thomas Kahle (RETIRED) gentoo-dev 2011-03-02 10:45:16 UTC
x86 done. Closing.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-03-03 07:09:53 UTC
Thanks, folks. Would it be possible to bump chromium-bin too?
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-05 09:39:15 UTC
(In reply to comment #3)
> Thanks, folks. Would it be possible to bump chromium-bin too?

chromium-bin is masked for removal. I think we should proceed with the GLSA request.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-03-05 21:10:21 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > Thanks, folks. Would it be possible to bump chromium-bin too?
> 
> chromium-bin is masked for removal. I think we should proceed with the GLSA
> request.
> 

Sounds good, thank you. Added to existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:01:45 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:48 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:24:02 UTC
CVE-2011-1125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1125):
  Google Chrome before 9.0.597.107 does not properly perform layout, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1124):
  Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to blocked plug-ins.

CVE-2011-1123 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1123):
  Google Chrome before 9.0.597.107 does not properly restrict access to
  internal extension functions, which has unspecified impact and remote attack
  vectors.

CVE-2011-1122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1122):
  The WebGL implementation in Google Chrome before 9.0.597.107 allows remote
  attackers to cause a denial of service (out-of-bounds read) via unspecified
  vectors, aka Issue 71960.

CVE-2011-1121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1121):
  Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors involving a TEXTAREA element.

CVE-2011-1120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1120):
  The WebGL implementation in Google Chrome before 9.0.597.107 allows remote
  attackers to cause a denial of service (out-of-bounds read) via unspecified
  vectors, aka Issue 71717.

CVE-2011-1119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1119):
  Google Chrome before 9.0.597.107 does not properly determine device
  orientation, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors that lead to a
  "stale pointer."

CVE-2011-1118 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1118):
  Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements,
  which allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact via a crafted HTML
  document.

CVE-2011-1117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1117):
  Google Chrome before 9.0.597.107 does not properly handle XHTML documents,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to "stale nodes."

CVE-2011-1116 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1116):
  Google Chrome before 9.0.597.107 does not properly handle SVG animations,
  which allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1115 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1115):
  Google Chrome before 9.0.597.107 does not properly render tables, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-1114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1114):
  Google Chrome before 9.0.597.107 does not properly handle tables, which
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors that lead to a "stale node."

CVE-2011-1113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1113):
  Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly
  perform pickle deserialization, which allows remote attackers to cause a
  denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-1112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1112):
  Google Chrome before 9.0.597.107 does not properly perform SVG rendering,
  which allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact via unknown vectors.

CVE-2011-1111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1111):
  Google Chrome before 9.0.597.107 does not properly implement forms controls,
  which allows remote attackers to cause a denial of service (application
  crash) or possibly have unspecified other impact via unknown vectors.

CVE-2011-1110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1110):
  Google Chrome before 9.0.597.107 does not properly implement key frame
  rules, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors that lead to a
  "stale pointer."

CVE-2011-1109 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1109):
  Google Chrome before 9.0.597.107 does not properly process nodes in
  Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via
  unknown vectors that lead to a "stale pointer."

CVE-2011-1108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1108):
  Google Chrome before 9.0.597.107 does not properly implement JavaScript
  dialogs, which allows remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via a crafted
  HTML document.

CVE-2011-1107 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1107):
  Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote
  attackers to spoof the URL bar via unknown vectors.