Summary: | <www-client/chromium-23.0.1271.97 multiple vulnerabilities (CVE-2012-{5139,5140,5141,5142,5143,5144}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2012-12-12 02:55:44 UTC
Please stabilize. =www-client/chromium-23.0.1271.97 x86 stable amd64 stable stabilization done security, please add to the existing glsa CVE-2012-5144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144): Google Chrome before 23.0.1271.97 does not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2012-5143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143): Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. CVE-2012-5142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142): Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. CVE-2012-5141 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141): Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors. CVE-2012-5140 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140): Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader. CVE-2012-5139 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139): Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |