Bug 280232 (CVE-2009-2555) - <www-client/chromium-bin-2.0.172.37(?) arbitrary code execution (CVE-2009-{2555,2556,2578})
Summary: <www-client/chromium-bin-2.0.172.37(?) arbitrary code execution (CVE-2009-{25...
Status: RESOLVED FIXED
Alias: CVE-2009-2555
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-03 22:16 UTC by Stefan Behte (RETIRED)
Modified: 2009-11-06 23:51 UTC (History)

See Also:
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-08-03 22:16:19 UTC
CVE-2009-2555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2555):
  Heap-based buffer overflow in src/jsregexp.cc in Google V8 before
  1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote
  attackers to execute arbitrary code in the Chrome sandbox via a
  crafted JavaScript regular expression.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-08-03 22:19:39 UTC
voyageur:
I'm not sure about the versioning of chrome/chromium, or where I can search for info; can you have a look?

Adding phajdan (see #279818), so he can have a look, too ;)
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-08-03 22:23:46 UTC
CVE-2009-2555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2555):
  Heap-based buffer overflow in src/jsregexp.cc in Google V8 before
  1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote
  attackers to execute arbitrary code in the Chrome sandbox via a
  crafted JavaScript regular expression.

CVE-2009-2556 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2556):
  Google Chrome before 2.0.172.37 allows attackers to leverage renderer
  access to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unspecified
  vectors that trigger excessive memory allocation.

CVE-2009-2578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2578):
  Google Chrome 2.x through 2.0.172 allows remote attackers to cause a
  denial of service (application crash) via a long Unicode string
  argument to the write method, a related issue to CVE-2009-2479.

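The three NVD range descriptions quoted above ("before 2.0.172.37", "before 1.1.10.14", "2.x through 2.0.172") are easy to misread when the version strings have different numbers of components. The following is an added triage helper, not part of the bug report or of any Gentoo tooling; the range semantics (strict "before", zero-padding of shorter versions, and "through 2.0.172" covering the whole 2.0.172.* patch series) are my reading of the CVE wording, and the 3.0.195.1 value is a constructed stand-in for the trunk builds mentioned in the thread.

```python
# Added example: check dotted versions against the CVE ranges quoted on this page.
from typing import Dict, List, Optional, Tuple

def parse(v: str) -> Tuple[int, ...]:
    """Turn '2.0.172.37' into (2, 0, 172, 37); non-numeric parts raise ValueError."""
    return tuple(int(p) for p in v.strip().split("."))

def lt(a: str, b: str) -> bool:
    """Strict 'before' comparison; shorter strings are zero-padded (2.0.172 == 2.0.172.0)."""
    pa, pb = parse(a), parse(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))

def through(v: str, upper: str) -> bool:
    """'through 2.0.172' is inclusive of every 2.0.172.* release (assumed NVD semantics)."""
    pv, pu = parse(v), parse(upper)
    return pv[:len(pu)] <= pu

# Constructed from the CVE text above: product -> (fixed_in, inclusive_upper, major_branch)
Rule = Tuple[Optional[str], Optional[str], Optional[int]]
ADVISORIES: Dict[str, Dict[str, Rule]] = {
    "CVE-2009-2555": {"chrome": ("2.0.172.37", None, None), "v8": ("1.1.10.14", None, None)},
    "CVE-2009-2556": {"chrome": ("2.0.172.37", None, None)},
    "CVE-2009-2578": {"chrome": (None, "2.0.172", 2)},
}

def affected(cve: str, product: str, version: str) -> bool:
    """True if `version` of `product` falls inside the affected range for `cve`."""
    rule = ADVISORIES[cve].get(product)
    if rule is None:
        return False  # this CVE does not cover that component at all
    fixed_in, inclusive_upper, major = rule
    if fixed_in is not None:
        return lt(version, fixed_in)
    # "2.x through 2.0.172": must be on the 2.x branch and at or below the upper prefix
    return parse(version)[0] == major and through(version, inclusive_upper)

def triage(installed: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each installed (product, version) pair to the CVEs it is affected by."""
    return {f"{p} {v}": [c for c in ADVISORIES if affected(c, p, v)] for p, v in installed}

if __name__ == "__main__":
    # 3.0.195.1 is a constructed trunk-style version, not one taken from the ebuilds
    print(triage([("chrome", "2.0.172.33"), ("chrome", "3.0.195.1"), ("v8", "1.2.0.0")]))
```

Note that 2.0.172.37 is fixed for CVE-2009-2555/2556 but still matched by the "through 2.0.172" wording of CVE-2009-2578, which is exactly the kind of discrepancy a triager has to resolve by hand.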
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2009-08-03 22:34:08 UTC
Versions 2.0.172.x are branched off trunk at revision 12881.

It seems that the ebuild versions of chromium-bin contain the revision number from the repository. I checked which V8 was in the earliest one, at revision 21377. V8 was from 1.2 branch at that point.

Also, the version for the builds in range included in ebuilds is like 3.x.

I would say - unaffected. And even if it was affected, I would vote for no GLSA. People should not rely on trunk versions for security.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-08-03 23:01:06 UTC
A GLSA wouldn't be written as there are only unstable (and hardmasked) versions.
Comment 5 Bernard Cafarelli gentoo-dev 2009-08-20 09:28:42 UTC
Indeed, the chromium-bin version is based on the revision number (I wonder if it may be worth switching to a google-chrome-bin ebuild, now that they are available).

So no problem on this one (for chromium-bin at least).
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 23:51:01 UTC
Thanks! Closing noglsa.