
Bug 367013

Summary: <www-client/chromium-11.0.696.68: multiple vulnerabilities (CVE-2011-{1799,1800})
Product: Gentoo Security
Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chromium
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-05-12 18:02:31 UTC
Release notes: http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html

Synopsis:

Multiple vulnerabilities have been reported in Chromium that may
allow user-assisted execution of arbitrary code within the confines of the sandbox.

Impact:

A remote attacker could entice a user to visit a specially crafted web page
that would trigger one of the vulnerabilities, leading to execution of
arbitrary code within the confines of the sandbox, or a Denial of Service.

Arches, please stabilize =www-client/chromium-11.0.696.68
Comment 1 Agostino Sarubbo gentoo-dev 2011-05-12 22:54:10 UTC
works as usual.
Comment 2 Thomas Kahle (RETIRED) gentoo-dev 2011-05-13 08:08:41 UTC
x86 stable. Thanks
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2011-05-13 22:09:14 UTC
amd64 done. Thanks Agostino
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-05-13 22:17:11 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:17 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:03:27 UTC
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:32:16 UTC
CVE-2011-1800 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1800):
  Multiple integer overflows in the SVG Filters implementation in WebCore in
  WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a
  denial of service or possibly have unspecified other impact via unknown
  vectors.

CVE-2011-1799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1799):
  Google Chrome before 11.0.696.68 does not properly perform casts of
  variables during interaction with the WebKit engine, which allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors.