Summary: | <www-client/chromium-18.0.1025.151: multiple vulnerabilities (CVE-2011-{3066,3067,3068,3069,3070,3071,3072,3073,3074,3075,3076,3077}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ago, chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2012-04-05 21:20:56 UTC
Please test and stabilize on amd64 and x86. Target version is: =www-client/chromium-18.0.1025.151 amd64 stable x86 stable, thanks. Pawel, as usual, go ahead with the glsa ;) (In reply to comment #5) > Pawel, as usual, go ahead with the glsa ;) GLSA draft ready for review. CVE-2011-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3077): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue. CVE-2011-3076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3076): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. CVE-2011-3075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3075): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. CVE-2011-3074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3074): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. CVE-2011-3073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3073): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources. CVE-2011-3072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3072): Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows. CVE-2011-3071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3071): Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-3070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3070): Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings. CVE-2011-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3069): Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. CVE-2011-3068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3068): Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. CVE-2011-3067 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3067): Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. CVE-2011-3066 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3066): Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. This issue was resolved and addressed in GLSA 201204-03 at http://security.gentoo.org/glsa/glsa-201204-03.xml by GLSA coordinator Tim Sammut (underling). |