Summary: | <www-client/chromium-24.0.1313.52, <dev-lang/v8-3.14.5.3 multiple vulnerabilities (CVE-2012-{5145,5146,5147,5148,5149,5150,5152,5153,5154},CVE-2013-{0828,0829,0830,0831,0832,0833,0834,0835,0836,0837,0838}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2013-01-11 02:07:55 UTC
Please stabilize: =dev-lang/v8-3.14.5.3 =www-client/chromium-24.0.1313.52 Removed CVE numbers pertaining to PDF support. amd64 stable x86 stable Added to existing GLSA draft. CVE-2013-0838 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838): Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. CVE-2013-0837 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837): Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. CVE-2013-0836 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836): Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code. CVE-2013-0835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835): Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. CVE-2013-0834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834): Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. CVE-2013-0833 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833): Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. CVE-2013-0832 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832): Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. CVE-2013-0831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831): Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. CVE-2013-0829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829): Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. CVE-2012-5153 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153): Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory. CVE-2012-5152 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152): Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data. CVE-2012-5150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150): Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data. CVE-2012-5149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149): Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2012-5148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148): The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors. CVE-2012-5147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147): Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. CVE-2012-5146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146): Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. CVE-2012-5145 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145): Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |