Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 380311

Summary: <www-client/chromium-13.0.782.215: multiple vulnerabilities (CVE-2011-{2823,2824,2825,2826,2827,2828,2829})
Product: Gentoo Security Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-23 02:46:45 UTC 
Gentoo is _not_ affected by CVE-2011-2839 (we don't ship binary PDF plugin).

CVE-2011-2821 is vulnerability in libxml, we use the system one (it should be checked).
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-08-23 02:47:45 UTC 
Arches, please stabilize =www-client/chromium-13.0.782.215
Comment 2 Agostino Sarubbo gentoo-dev 2011-08-23 09:56:15 UTC 
amd64 ok as usual
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2011-08-23 17:10:45 UTC 
amd64 done. Thanks Agostino
Comment 4 Thomas Kahle (RETIRED) gentoo-dev 2011-08-24 11:16:36 UTC 
x86 done. Thanks
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-08-24 15:00:15 UTC 
Thanks, folks. Added to existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:02:59 UTC 
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-01 10:03:57 UTC 
This issue was resolved and addressed in
 GLSA 201111-01 at http://security.gentoo.org/glsa/glsa-201111-01.xml
by GLSA coordinator Alex Legler (a3li).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:40:30 UTC 
CVE-2011-2829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2829):
  Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors involving uniform arrays.

CVE-2011-2828 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2828):
  Google V8, as used in Google Chrome before 13.0.782.215, allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that trigger an out-of-bounds write.

CVE-2011-2827 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2827):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to text searching.

CVE-2011-2826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2826):
  Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same
  Origin Policy via vectors related to empty origins.

CVE-2011-2825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2825):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving custom fonts.

CVE-2011-2824 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2824):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving counter nodes.

CVE-2011-2823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2823):
  Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving a line box.