| Summary: | <www-client/chromium-22.0.1229.92 multiple vulnerabilities (CVE-2012-{2900,5108,5110,5111}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | ago, chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Mike Gilbert
2012-10-09 01:24:54 UTC
Please stabilize: =dev-lang/v8-3.12.19.15 =www-client/chromium-22.0.1229.92 x86 stable amd64 stable amd64 stable, go ahead with the glsa CVE-2012-5111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111): Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. CVE-2012-5110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110): The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2012-5108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108): Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices. CVE-2012-2900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900): Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. This issue was resolved and addressed in GLSA 201210-07 at http://security.gentoo.org/glsa/glsa-201210-07.xml by GLSA coordinator Sean Amoss (ackle). |