
Bug 402841

Summary: <www-client/chromium-17.0.963.46-r1 : multiple vulnerabilities (CVE-2011-{3953,3954,3955,3956,3957,3958,3959,3960,3961,3962,3963,3964,3965,3966,3967,3968,3969,3970,3971,3972})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chromium
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-02-09 10:36:28 UTC
From secunia: https://secunia.com/advisories/47938/

Description
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system.

1) An unspecified error exists within clipboard monitoring after a paste event.

2) An unspecified error exists related to excessive database usage.

3) An unspecified error exists when aborting an IndexedDB transaction.

4) An error exists when handling sandboxed origins inside extensions.

5) A use-after-free error exists in PDF garbage collection.

6) A type cast error exists when handling column spans.

7) An error within locale handling can be exploited to cause a buffer overflow.

8) An error within audio decoding can be exploited to cause an out-of-bounds read.

9) An unspecified error exists due to a race condition after a crash of a utility process.

10) An error within path clipping can be exploited to cause an out-of-bounds read.

11) An error within PDF fax image handling can be exploited to cause an out-of-bounds read.

12) An unspecified error when handling drag and drop may lead to URL bar confusion.

13) An unspecified error exists within a signature check.

14) A use-after-free error exists within stylesheet error handling.

15) An unspecified error exists when handling unusual certificates.

16) A use-after-free error exists within CSS handling.

17) A use-after-free error exists within SVG layout handling.

18) An error within libxslt can be exploited to cause an out-of-bounds read.

19) A use-after-free error exists when handling mousemove events.

20) An error within shader translator can be exploited to cause an out-of-bounds read.


Solution
Upgrade to version 17.0.963.46.
Comment 1 Mike Gilbert gentoo-dev 2012-02-09 13:15:40 UTC
We will need to stabilize v8-3.7.* as a dependency.

I assume ago will handle amd64.

Please stabilize:

=dev-lang/v8-3.7.12.20
=www-client/chromium-17.0.963.46-r1
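A quick way to tell whether a given chromium install is still in the affected range named in this bug (everything below www-client/chromium-17.0.963.46-r1) is to compare the installed version against the fixed one using Gentoo's version ordering. The script below is an added example, not something from the bug or from the Gentoo security team; it handles only the plain dotted-numeric plus `-rN` versions that appear on this page, and the installed version strings it checks are constructed samples (on a real box the version would come from `portageq best_version / www-client/chromium`).

```shell
#!/bin/sh
# Added example: check a chromium version against the first fixed Gentoo
# version from this bug's summary (www-client/chromium-17.0.963.46-r1).
# Only plain "A.B.C.D" versions with an optional "-rN" revision are handled.

FIXED_VERSION="17.0.963.46-r1"   # from the bug summary

# pv_base "17.0.963.46-r1" -> "17.0.963.46"
pv_base() { printf '%s\n' "${1%%-r*}"; }

# pv_rev "17.0.963.46-r1" -> "1"; a version without -rN has revision 0
pv_rev()  { case "$1" in *-r*) printf '%s\n' "${1##*-r}" ;; *) printf '0\n' ;; esac; }

# ver_lt A B: succeed (exit 0) when A sorts before B.
# Components are compared numerically, so 17.0.963.9 < 17.0.963.46,
# and the -rN revision only decides ties of the dotted part.
ver_lt() {
    a_base=$(pv_base "$1"); b_base=$(pv_base "$2")
    a_rev=$(pv_rev "$1");   b_rev=$(pv_rev "$2")
    a_rest="$a_base."; b_rest="$b_base."
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a_c=${a_rest%%.*}; a_rest=${a_rest#*.}
        b_c=${b_rest%%.*}; b_rest=${b_rest#*.}
        : "${a_c:=0}" "${b_c:=0}"      # missing trailing components count as 0
        [ "$a_c" -lt "$b_c" ] && return 0
        [ "$a_c" -gt "$b_c" ] && return 1
    done
    [ "$a_rev" -lt "$b_rev" ]
}

# version_from_atom "www-client/chromium-16.0.912.77" -> "16.0.912.77"
version_from_atom() { printf '%s\n' "${1#*/chromium-}"; }

# is_vulnerable ATOM: succeed when the installed atom is below the fixed version
is_vulnerable() { ver_lt "$(version_from_atom "$1")" "$FIXED_VERSION"; }

# report ATOM: print a one-line verdict for a human reader
report() {
    if is_vulnerable "$1"; then
        echo "$1: VULNERABLE (below $FIXED_VERSION, see GLSA 201202-01)"
    else
        echo "$1: not affected by this bug"
    fi
}

# Constructed sample atoms standing in for `portageq best_version` output.
report "www-client/chromium-16.0.912.77"     # older stable: vulnerable
report "www-client/chromium-17.0.963.46"     # upstream fix, but below the -r1 atom
report "www-client/chromium-17.0.963.46-r1"  # the stabilized fix: not affected
```

Note that the bug's fixed atom carries a Gentoo revision (`-r1`), so an installed `17.0.963.46` without the revision is still reported as below the fix even though upstream's "upgrade to 17.0.963.46" is satisfied; that matches how the summary line `<www-client/chromium-17.0.963.46-r1` defines the affected range.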
Comment 2 Agostino Sarubbo gentoo-dev 2012-02-09 13:28:24 UTC
amd64 / x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2012-02-09 13:30:53 UTC
(In reply to comment #1)
> We will need to stabilize v8-3.7.* as a dependency.
> 
> I assume ago will handle amd64.

I also did it for x86 because I have been using it for many days.


@Pawel, please open and do glsa by yourself as usual ;)
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-02-13 09:42:44 UTC
(In reply to comment #3)
> @Pawel, please open and do glsa by yourself as usual ;)

GLSA draft ready for review.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-02-18 17:36:30 UTC
This issue was resolved and addressed in
 GLSA 201202-01 at http://security.gentoo.org/glsa/glsa-201202-01.xml
by GLSA coordinator Tim Sammut (underling).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:06:08 UTC
CVE-2011-3972 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3972):
  The shader translator implementation in Google Chrome before 17.0.963.46
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2011-3971 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3971):
  Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows
  user-assisted remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to mousemove events.

CVE-2011-3970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3970):
  libxslt, as used in Google Chrome before 17.0.963.46, allows remote
  attackers to cause a denial of service (out-of-bounds read) via unspecified
  vectors.

CVE-2011-3969 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3969):
  Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to layout of SVG documents.

CVE-2011-3968 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3968):
  Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving Cascading Style Sheets (CSS) token
  sequences.

CVE-2011-3967 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3967):
  Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote
  attackers to cause a denial of service (application crash) via a crafted
  certificate.

CVE-2011-3966 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3966):
  Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to error handling for Cascading Style
  Sheets (CSS) token-sequence data.

CVE-2011-3965 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3965):
  Google Chrome before 17.0.963.46 does not properly check signatures, which
  allows remote attackers to cause a denial of service (application crash) via
  unspecified vectors.

CVE-2011-3964 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3964):
  Google Chrome before 17.0.963.46 does not properly implement the
  drag-and-drop feature, which makes it easier for remote attackers to spoof
  the URL bar via unspecified vectors.

CVE-2011-3963 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3963):
  Google Chrome before 17.0.963.46 does not properly handle PDF FAX images,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-3962 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3962):
  Google Chrome before 17.0.963.46 does not properly perform path clipping,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2011-3961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3961):
  Race condition in Google Chrome before 17.0.963.46 allows remote attackers
  to execute arbitrary code via vectors that trigger a crash of a utility
  process.

CVE-2011-3960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3960):
  Google Chrome before 17.0.963.46 does not properly decode audio data, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via unspecified vectors.

CVE-2011-3959 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3959):
  Buffer overflow in the locale implementation in Google Chrome before
  17.0.963.46 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors.

CVE-2011-3958 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3958):
  Google Chrome before 17.0.963.46 does not properly perform casts of
  variables during handling of a column span, which allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via a
  crafted document.

CVE-2011-3957 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3957):
  Use-after-free vulnerability in the garbage-collection functionality in
  Google Chrome before 17.0.963.46 allows remote attackers to cause a denial
  of service or possibly have unspecified other impact via vectors involving
  PDF documents.

CVE-2011-3956 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3956):
  The extension implementation in Google Chrome before 17.0.963.46 does not
  properly handle sandboxed origins, which might allow remote attackers to
  bypass the Same Origin Policy via a crafted extension.

CVE-2011-3955 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3955):
  Google Chrome before 17.0.963.46 allows remote attackers to cause a denial
  of service (application crash) or possibly have unspecified other impact via
  vectors that trigger the aborting of an IndexedDB transaction.

CVE-2011-3954 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3954):
  Google Chrome before 17.0.963.46 allows remote attackers to cause a denial
  of service (application crash) via vectors that trigger a large amount of
  database usage.

CVE-2011-3953 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3953):
  Google Chrome before 17.0.963.46 does not prevent monitoring of the
  clipboard after a paste event, which has unspecified impact and remote
  attack vectors.