
Bug 437664

Summary: <www-client/chromium-22.0.1229.92 multiple vulnerabilities (CVE-2012-{2900,5108,5110,5111})
Product: Gentoo Security
Reporter: Mike Gilbert <floppym>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: ago, chromium
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2012-10-09 01:24:54 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2012-10-09 01:26:44 UTC
Please stabilize:

=dev-lang/v8-3.12.19.15
=www-client/chromium-22.0.1229.92
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-10-09 13:44:08 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2012-10-09 18:54:55 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-10-09 19:00:03 UTC
amd64 stable, go ahead with the glsa
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:31:34 UTC
CVE-2012-5111 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111):
  Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper
  plug-ins, which has unspecified impact and remote attack vectors.

CVE-2012-5110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110):
  The compositor in Google Chrome before 22.0.1229.92 allows remote attackers
  to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2012-5108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108):
  Race condition in Google Chrome before 22.0.1229.92 allows remote attackers
  to execute arbitrary code via vectors related to audio devices.

CVE-2012-2900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900):
  Skia, as used in Google Chrome before 22.0.1229.92, does not properly render
  text, which allows remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via unknown
  vectors.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-10-21 15:43:35 UTC
This issue was resolved and addressed in
 GLSA 201210-07 at http://security.gentoo.org/glsa/glsa-201210-07.xml
by GLSA coordinator Sean Amoss (ackle).