Summary: | <www-client/chromium-11.0.696.71: multiple vulnerabilities (CVE-2011-{1801,1804,1806,1807}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-05-25 06:09:38 UTC
works as usual. amd64; ditto Ago x86 stable Guys, I suggest to hold on with the stabilization. There is a new bug in .71 reported http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1801 Just to remind, it takes up to 2 hours to compile chromium on some old laptops. I even started to mask all newly stabilized versions even on descent hardware because it's simply too annoying. (In reply to comment #4) > I suggest to hold on with the stabilization. There is a new bug in .71 reported > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1801 The bug you linked to is one of the holes _fixed_ in .71: "Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.". Also, you can see CVE-2011-1801 mentioned in the release notes: http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html amd64 done. Thanks Agostino and Ian Thanks, everyone. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). This issue was resolved and addressed in GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml by GLSA coordinator Alex Legler (a3li). CVE-2011-1807 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1807): Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write. CVE-2011-1806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1806): Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2011-1804 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1804): rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1801 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1801): Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors. |