Bug 429174 - <www-client/chromium-21.0.1180.57 multiple vulnerabilities (CVE-2012-{2846,2847,2848,2849,2853,2854,2857,2858,2859,2860})
Summary: <www-client/chromium-21.0.1180.57 multiple vulnerabilities (CVE-2012-{2846,28...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-07-31 21:02 UTC by Mike Gilbert
Modified: 2012-08-14 20:59 UTC
Description Mike Gilbert gentoo-dev 2012-07-31 21:02:08 UTC
Release notes in URL.

I'm working on the version bump.
Comment 1 Mike Gilbert gentoo-dev 2012-07-31 21:07:30 UTC
Removing PDF viewer related CVEs.
Comment 2 Mike Gilbert gentoo-dev 2012-07-31 21:38:32 UTC
Please stabilize on amd64 and x86.

=dev-lang/v8-3.11.10.17
=www-client/chromium-21.0.1180.57
Comment 3 Agostino Sarubbo gentoo-dev 2012-08-01 11:16:08 UTC
amd64 stable
Comment 4 Richard Freeman gentoo-dev 2012-08-01 12:56:33 UTC
(In reply to comment #3)
> amd64 stable

Hmm, on my stable amd64 box Gmail doesn't load correctly with v21.

ago - does that work for you?
Comment 5 Mike Gilbert gentoo-dev 2012-08-01 13:18:31 UTC
(In reply to comment #4)
> Hmm, on my stable amd64 box Gmail doesn't load correctly with v21.

Works ok here. Can you try it with a fresh profile?

chromium --user-data-dir=/tmp/fresh
Comment 6 Richard Freeman gentoo-dev 2012-08-01 15:14:49 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > Hmm, on my stable amd64 box Gmail doesn't load correctly with v21.
> 
> Works ok here. Can you try it with a fresh profile?
> 
> chromium --user-data-dir=/tmp/fresh

That fixed it.  I'll nuke my profile.
Comment 7 Yixun Lan archtester gentoo-dev 2012-08-03 07:34:28 UTC
Archtested on x86: Everything fine (build, runs, repoman check)

The following USE combinations have been tested (with FEATURE "test" enabled)

www-client/chromium -bindist cups -custom-cflags gnome -gnome-keyring -kerberos
www-client/chromium -bindist -cups custom-cflags gnome -gnome-keyring -kerberos
www-client/chromium bindist -cups custom-cflags gnome -gnome-keyring -kerberos
www-client/chromium bindist -cups -custom-cflags -gnome gnome-keyring -kerberos
www-client/chromium bindist -cups -custom-cflags gnome gnome-keyring -kerberos
www-client/chromium bindist cups -custom-cflags gnome gnome-keyring -kerberos
www-client/chromium -bindist cups custom-cflags gnome gnome-keyring -kerberos
www-client/chromium bindist cups custom-cflags gnome gnome-keyring -kerberos
www-client/chromium bindist -cups -custom-cflags -gnome -gnome-keyring kerberos
www-client/chromium -bindist -cups -custom-cflags gnome gnome-keyring kerberos
www-client/chromium -bindist cups -custom-cflags gnome gnome-keyring kerberos
www-client/chromium bindist cups custom-cflags gnome gnome-keyring kerberos
www-client/chromium bash-completion xml python
Comment 8 Agostino Sarubbo gentoo-dev 2012-08-03 08:46:59 UTC
@floppym/chromium:

I can't keyword for x86 because I can't fetch v8-3.9.24.9.tar.bz2 to update the manifest. Please keyword both v8 and chromium for x86, works perfectly for me.
Comment 9 Richard Freeman gentoo-dev 2012-08-03 11:42:27 UTC
(In reply to comment #8)
> @floppym/chromium:
> 
> I can't keyword for x86 because I can't fetch v8-3.9.24.9.tar.bz2 to update
> the manifest. Please keyword both v8 and chromium for x86, works perfectly
> for me.

x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2012-08-03 15:05:09 UTC
Removed vulnerable version

Pawel, go ahead with glsa.
Comment 11 Mike Gilbert gentoo-dev 2012-08-03 15:07:43 UTC
(In reply to comment #10)
> Pawel, go ahead with glsa.

I believe he is still on vacation, and would not object if someone else took care of it.
Comment 12 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-03 15:10:13 UTC
This is already on a GLSA draft - just waiting for another review.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-08-06 20:19:26 UTC
CVE-2012-2860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860):
  The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac
  OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows
  user-assisted remote attackers to cause a denial of service or possibly have
  unspecified other impact via a crafted web site.

CVE-2012-2859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859):
  Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs,
  which allows remote attackers to execute arbitrary code or cause a denial of
  service (application crash) via unspecified vectors.

CVE-2012-2858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858):
  Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on
  Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame,
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via a crafted WebP image.

CVE-2012-2857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857):
  Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM
  implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux,
  and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via a
  crafted document.

CVE-2012-2854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854):
  Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before
  21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain
  potentially sensitive information about pointer values by leveraging access
  to a WebUI renderer process.

CVE-2012-2853 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853):
  The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and
  Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not
  properly interact with the Chrome Web Store, which allows remote attackers
  to cause a denial of service or possibly have unspecified other impact via a
  crafted web site.

CVE-2012-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849):
  Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on
  Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame,
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via a crafted image.

CVE-2012-2848 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848):
  The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac
  OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows
  user-assisted remote attackers to bypass intended file access restrictions
  via a crafted web site.

CVE-2012-2847 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847):
  Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before
  21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation
  before continuing a large series of downloads, which allows user-assisted
  remote attackers to cause a denial of service (resource consumption) via a
  crafted web site.

CVE-2012-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846):
  Google Chrome before 21.0.1180.57 on Linux does not properly isolate
  renderer processes, which allows remote attackers to cause a denial of
  service (cross-process interference) via unspecified vectors.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2012-08-14 20:59:03 UTC
This issue was resolved and addressed in
 GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml
by GLSA coordinator Sean Amoss (ackle).