| Summary: | <www-client/chromium-16.0.912.63, <dev-lang/v8-3.6.6.11: Multiple vulnerabilities (CVE-2011-{3903,3904,3906,3907,3908,3909,3910,3912,3913,3914,3917}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | chromium |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 390299 | | |
| Bug Blocks: | | | |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-12-13 18:40:08 UTC
Please stabilize:
=www-client/chromium-16.0.912.63
=dev-lang/v8-3.6.6.11

The Gentoo Chromium team will of course try to do its own testing and stabilization.

Removing CVEs that only affect Google Chrome, not Chromium.

!!! All ebuilds that could satisfy "dev-lang/nacl-toolchain-newlib" have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-lang/nacl-toolchain-newlib-0_p7311::gentoo (masked by: ~x86 keyword)
- dev-lang/nacl-toolchain-newlib-0_p6869-r1::gentoo (masked by: ~x86 keyword)

(dependency required by "www-client/chromium-16.0.912.63" [ebuild])
(dependency required by "=www-client/chromium-16.0.912.63" [argument])
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

Depends on bug 390299.

Tested briefly on amd64, nothing seems to be broken. Would like another ack before committing.

(In reply to comment #3)
> !!! All ebuilds that could satisfy "dev-lang/nacl-toolchain-newlib" have been
> masked.
> !!! One of the following masked packages is required to complete your request:
> - dev-lang/nacl-toolchain-newlib-0_p7311::gentoo (masked by: ~x86 keyword)
> - dev-lang/nacl-toolchain-newlib-0_p6869-r1::gentoo (masked by: ~x86 keyword)
>
> (dependency required by "www-client/chromium-16.0.912.63" [ebuild])
> (dependency required by "=www-client/chromium-16.0.912.63" [argument])
> For more information, see the MASKED PACKAGES section in the emerge
> man page or refer to the Gentoo Handbook.
>
> Depends on bug 390299.

stable now for x86, go ahead ;)

amd64 stable, thanks Mike

x86 stable
Pawel, please continue with glsa ;)

CVE-2011-3917 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3917): Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-3914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3914): The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

CVE-2011-3913 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3913): Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

CVE-2011-3912 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3912): Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

CVE-2011-3910 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3910): Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3909 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3909): The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

CVE-2011-3908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3908): Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3907): The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

CVE-2011-3906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3906): The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3904): Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.

CVE-2011-3903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3903): Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

This issue was resolved and addressed in GLSA 201201-03 at http://security.gentoo.org/glsa/glsa-201201-03.xml by GLSA coordinator Tim Sammut (underling).