
Bug 390113

Summary: <www-client/{chromium-15.0.874.120,google-chrome-15.0.874.120_p108895}: multiple vulnerabilities (CVE-2011-{3892,3893,3894,3895,3896,3897,3898})
Product: Gentoo Security
Reporter: Mike Gilbert <floppym>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: ago, chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
Whiteboard: B2 [glsa] phajdan.jr
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2011-11-10 20:07:08 UTC
A new version of dev-lang/v8 was also released, but I'm not sure if it fixes any security problems.
Comment 1 Mike Gilbert gentoo-dev 2011-11-10 20:13:39 UTC
New versions have been added to the tree:

dev-lang/v8-3.5.10.23
www-client/chromium-15.0.874.120
www-client/google-chrome-15.0.874.120_p108895

google-chrome should NOT be stabilized.
Comment 2 Mike Gilbert gentoo-dev 2011-11-10 21:14:36 UTC
Please stabilize:

=dev-lang/v8-3.5.10.23
=www-client/chromium-15.0.874.120
Comment 3 Agostino Sarubbo gentoo-dev 2011-11-10 22:03:07 UTC
As per agreement between amd64 and chromium, no need for amd64 here.

(In reply to comment #2)
> Please stabilize:
> 
> =dev-lang/v8-3.5.10.23
> =www-client/chromium-15.0.874.120

both ok, you can mark stable.
Comment 4 Mike Gilbert gentoo-dev 2011-11-10 22:08:52 UTC
amd64 done. Thanks again ago.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-11 11:59:04 UTC
x86 stable, working on GLSA draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:29:53 UTC
CVE-2011-3898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3898):
  Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is
  used, does not request user confirmation before applet execution begins,
  which allows remote attackers to have an unspecified impact via a crafted
  applet.

CVE-2011-3897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3897):
  Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows
  user-assisted remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to editing.

CVE-2011-3896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3896):
  Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors related to shader variable mapping.

CVE-2011-3895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895):
  Heap-based buffer overflow in the Vorbis decoder in Google Chrome before
  15.0.874.120 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via a crafted stream.

CVE-2011-3894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3894):
  Google Chrome before 15.0.874.120 does not properly perform VP8 decoding,
  which allows remote attackers to cause a denial of service (memory
  corruption) or possibly have unspecified other impact via a crafted stream.

CVE-2011-3893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893):
  Google Chrome before 15.0.874.120 does not properly implement the MKV and
  Vorbis media handlers, which allows remote attackers to cause a denial of
  service (out-of-bounds read) via unspecified vectors.

CVE-2011-3892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3892):
  Double free vulnerability in the Theora decoder in Google Chrome before
  15.0.874.120 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via a crafted stream.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-11-19 16:42:59 UTC
This issue was resolved and addressed in
 GLSA 201111-05 at http://security.gentoo.org/glsa/glsa-201111-05.xml
by GLSA coordinator Tim Sammut (underling).