Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 423719 - <www-client/chromium-20.0.1132.43: multiple vulnerabilities (CVE-2012-{2807,2815,2817,2818,2819,2820,2821,2823,2824,2825,2826,2829,2830,2831,2834})
Summary: <www-client/chromium-20.0.1132.43: multiple vulnerabilities (CVE-2012-{2807,2...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-26 23:34 UTC by Mike Gilbert
Modified: 2012-08-14 20:58 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2012-06-26 23:34:57 UTC 
Release notes in URL.

Pawel is on vacation, so if someone else wants to write the GLSA have at it.
Comment 1 Mike Gilbert gentoo-dev 2012-06-26 23:37:00 UTC 
Please stabilize.

=dev-lang/v8-3.10.8.19
=www-client/chromium-20.0.1132.43
Comment 2 Richard Freeman gentoo-dev 2012-06-27 01:37:33 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2012-06-27 09:37:56 UTC 
cve2012-2816 is windows only.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-27 21:54:55 UTC 
CVE-2012-2834 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834):
  Integer overflow in Google Chrome before 20.0.1132.43 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via crafted data in the Matroska container format.

CVE-2012-2831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to SVG references.

CVE-2012-2830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830):
  Google Chrome before 20.0.1132.43 does not properly set array values, which
  allows remote attackers to cause a denial of service (incorrect pointer use)
  or possibly have unspecified other impact via unknown vectors.

CVE-2012-2829 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829):
  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Google Chrome before 20.0.1132.43 allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors related to the :first-letter pseudo-element.

CVE-2012-2826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826):
  Google Chrome before 20.0.1132.43 does not properly implement texture
  conversion, which allows remote attackers to cause a denial of service
  (out-of-bounds read) via unspecified vectors.

CVE-2012-2825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825):
  The XSL implementation in Google Chrome before 20.0.1132.43 allows remote
  attackers to cause a denial of service (incorrect read operation) via
  unspecified vectors.

CVE-2012-2824 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to SVG painting.

CVE-2012-2823 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to SVG resources.

CVE-2012-2821 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821):
  The autofill implementation in Google Chrome before 20.0.1132.43 does not
  properly display text, which has unspecified impact and remote attack
  vectors.

CVE-2012-2820 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820):
  Google Chrome before 20.0.1132.43 does not properly implement SVG filters,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via unspecified vectors.

CVE-2012-2819 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819):
  The texSubImage2D implementation in the WebGL subsystem in Google Chrome
  before 20.0.1132.43 does not properly handle uploads to floating-point
  textures, which allows remote attackers to cause a denial of service
  (assertion failure and application crash) or possibly have unspecified other
  impact via a crafted web page, as demonstrated by certain WebGL performance
  tests, aka rdar problem 11520387.

CVE-2012-2818 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to the layout of documents that use the
  Cascading Style Sheets (CSS) counters feature.

CVE-2012-2817 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to tables that have sections.

CVE-2012-2815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815):
  Google Chrome before 20.0.1132.43 allows remote attackers to obtain
  potentially sensitive information from a fragment identifier by leveraging
  access to an IFRAME element associated with a different domain.
Comment 5 Agostino Sarubbo gentoo-dev 2012-06-28 09:05:33 UTC 
x86 stable


Please go ahead with glsa.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-08-14 20:58:59 UTC 
This issue was resolved and addressed in
 GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml
by GLSA coordinator Sean Amoss (ackle).