275745 – (CVE-2009-2121) <=www-client/chromium-bin-? buffer overflow (CVE-2009-2121)

Bug 275745 (CVE-2009-2121) - <=www-client/chromium-bin-? buffer overflow (CVE-2009-2121)

Summary: <=www-client/chromium-bin-? buffer overflow (CVE-2009-2121)

Status:	RESOLVED FIXED

Alias:	CVE-2009-2121

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://googlechromereleases.blogspot....
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-06-28 20:59 UTC by Stefan Behte (RETIRED)
Modified:	2009-11-07 00:19 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-06-28 20:59:50 UTC

CVE-2009-2121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2121):
  Buffer overflow in the browser kernel in Google Chrome before
  2.0.172.33 allows remote HTTP servers to cause a denial of service
  (application crash) or possibly execute arbitrary code via a crafted
  response.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-06-28 21:02:17 UTC

This is hardmasked, so we do not have to hurry.

Comment 2 Bernard Cafarelli gentoo-dev

2009-06-28 22:47:17 UTC

chromium-bin-9999 is hardmasked, but -0_p* are not (just ~x86 keyworded), so let's fix that one ;)

From http://code.google.com/p/chromium/issues/detail?id=14508, chromium trunk was fixed in revision 18687, so for us it's <=www-client/chromium-bin-0_p18366 vulnerable. I've just removed this version from portage

I've tested the "listener of death" from the bugreport with 0_p19106 (current ebuild in portage), and it did not crash

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2009-11-07 00:19:37 UTC

Thanks! Closing noglsa.