Summary: | <www-client/chromium-23.0.1271.91 multiple vulnerabilites (CVE-2012-{5130,5132,5133,5135,5136}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=444836 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2012-11-26 18:37:55 UTC
CVE-2012-5131 is Mac-specific CVS-2012-5134 appears to be a libxml bug; we use the system library I should have a version bump committed this evening. Please stabilize. =www-client/chromium-23.0.1271.91 amd64 stable x86 stable CVE-2012-5136 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136): Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. CVE-2012-5135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135): Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. CVE-2012-5133 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133): Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. CVE-2012-5132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132): Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. CVE-2012-5130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130): Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Added to existing GLSA draft. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |