Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 368655

Summary: <www-client/chromium-12.0.433.38: Multiple Vulnerabilities (CVE-2011-{2169,2170,2171})
Product: Gentoo Security Reporter: Benedikt Böhm (RETIRED) <hollow>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Benedikt Böhm (RETIRED) gentoo-dev 2011-05-25 06:31:50 UTC
- Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.

- Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors.

- Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2011-05-25 06:33:07 UTC
uhm .. just noticed this is about Chrome OS, not Chrome itself. Should be checked anyway.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-05-25 06:52:08 UTC
We don't ship any of that code in Gentoo. Thank you for checking though, and feel free to ask me if you have more questions.