
Bug 363629

Summary: <www-client/chromium-10.0.648.205: multiple vulnerabilities (CVE-2011-{1301,1302})
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: alexanderyt, chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-04-14 19:53:34 UTC
Release notes: http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Synopsis:

Multiple vulnerabilities have been reported in Chromium that may
allow user-assisted execution of arbitrary code.

Impact:

A remote attacker could entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code, or a Denial of Service.

Arches, please stabilize =www-client/chromium-10.0.648.205
Comment 1 Agostino Sarubbo gentoo-dev 2011-04-15 13:28:09 UTC
works here!
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2011-04-16 16:39:48 UTC
x86 stable
Comment 3 Christoph Mende (RETIRED) gentoo-dev 2011-04-16 18:58:57 UTC
amd64 stable
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-04-16 19:01:43 UTC
Thanks, folks. Added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:01 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:03:09 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:28:10 UTC
CVE-2011-1302 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1302):
  Heap-based buffer overflow in the GPU process in Google Chrome before
  10.0.648.205 allows remote attackers to execute arbitrary code via unknown
  vectors.

CVE-2011-1301 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1301):
  Use-after-free vulnerability in the GPU process in Google Chrome before
  10.0.648.205 allows remote attackers to execute arbitrary code via unknown
  vectors.