Summary: | <www-client/chromium-20.0.1132.43: multiple vulnerabilities (CVE-2012-{2807,2815,2817,2818,2819,2820,2821,2823,2824,2825,2826,2829,2830,2831,2834}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ago, chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2012-06-26 23:34:57 UTC
Please stabilize. =dev-lang/v8-3.10.8.19 =www-client/chromium-20.0.1132.43 amd64 stable cve2012-2816 is windows only. CVE-2012-2834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834): Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. CVE-2012-2831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831): Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references. CVE-2012-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830): Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors. CVE-2012-2829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829): Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. CVE-2012-2826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826): Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2012-2825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825): The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. CVE-2012-2824 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824): Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. CVE-2012-2823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823): Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. CVE-2012-2821 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821): The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors. CVE-2012-2820 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820): Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2012-2819 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819): The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387. CVE-2012-2818 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818): Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. CVE-2012-2817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817): Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections. CVE-2012-2815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815): Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. x86 stable Please go ahead with glsa. This issue was resolved and addressed in GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml by GLSA coordinator Sean Amoss (ackle). |