Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201203-19 ] Chromium: Multiple vulnerabilities
Date: Sun, 25 Mar 2012 16:29:47
Message-Id: 4F6F4658.20609@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201203-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: March 25, 2012
     Bugs: #406975, #407465, #407755, #409251
       ID: 201203-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.

Background
==========

Chromium is an open source web browser project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 17.0.963.83             >= 17.0.963.83

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.

Impact
======

A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
Universal Cross-Site Scripting, or installation of an extension without
user interaction.

A remote attacker could also entice a user to install a specially
crafted extension that would interfere with browser-issued web
requests.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.83"
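
A check for the threshold in the Affected packages table, as an added example that is not part of the advisory: it classifies `category/package-version` strings against the fixed version 17.0.963.83. The function names and the sample inventory are constructed for illustration, and the input is assumed to have the shape `qlist -Iv` prints.

```sh
#!/bin/sh
# Added example (not part of the advisory): classify package atoms against
# the GLSA 201203-19 threshold for www-client/chromium.
FIXED="17.0.963.83"   # first unaffected version, from the advisory's table

# ver_lt A B: true when dotted numeric version A is lower than B.
# Components are compared as integers, so 17.0.1000.1 is not below 17.0.963.83
# (a plain string comparison would get that case wrong).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# glsa_status ATOM: print vulnerable, unaffected, skip (other package) or
# unparsed for one "category/package-version" string.
glsa_status() {
    case $1 in
        www-client/chromium-[0-9]*) ver=${1#www-client/chromium-} ;;
        *) echo skip; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}                      # drop a revision suffix such as -r1
    case $ver in
        *[!0-9.]*) echo unparsed; return 0 ;;  # e.g. _p or _rc suffixes
    esac
    if ver_lt "$ver" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# list_vulnerable: read atoms on stdin, print the ones the GLSA marks vulnerable.
list_vulnerable() {
    while IFS= read -r atom; do
        if [ "$(glsa_status "$atom")" = vulnerable ]; then echo "$atom"; fi
    done
}

# Constructed sample inventory, in the shape `qlist -Iv` prints.
sample_inventory() {
    printf '%s\n' www-client/chromium-17.0.963.79 www-client/chromium-17.0.963.83 \
        www-client/chromium-16.0.912.77-r1 www-client/firefox-10.0.3
}

sample_inventory | list_vulnerable
```

On a live system, pipe `qlist -Iv www-client/chromium` into `list_vulnerable`; Gentoo's own `glsa-check -t 201203-19` tests the installed package database against this advisory directly.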

References
==========

[ 1 ] CVE-2011-3031
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3031
[ 2 ] CVE-2011-3032
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3032
[ 3 ] CVE-2011-3033
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3033
[ 4 ] CVE-2011-3034
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3034
[ 5 ] CVE-2011-3035
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3035
[ 6 ] CVE-2011-3036
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3036
[ 7 ] CVE-2011-3037
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3037
[ 8 ] CVE-2011-3038
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3038
[ 9 ] CVE-2011-3039
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3039
[ 10 ] CVE-2011-3040
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3040
[ 11 ] CVE-2011-3041
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3041
[ 12 ] CVE-2011-3042
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3042
[ 13 ] CVE-2011-3043
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3043
[ 14 ] CVE-2011-3044
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3044
[ 15 ] CVE-2011-3046
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3046
[ 16 ] CVE-2011-3047
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047
[ 17 ] CVE-2011-3049
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3049
[ 18 ] CVE-2011-3050
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3050
[ 19 ] CVE-2011-3051
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3051
[ 20 ] CVE-2011-3052
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3052
[ 21 ] CVE-2011-3053
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3053
[ 22 ] CVE-2011-3054
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3054
[ 23 ] CVE-2011-3055
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3055
[ 24 ] CVE-2011-3056
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3056
[ 25 ] CVE-2011-3057
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3057
[ 26 ] Release Notes 17.0.963.65
       http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
[ 27 ] Release Notes 17.0.963.78
       http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html
[ 28 ] Release Notes 17.0.963.79
       http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html
[ 29 ] Release Notes 17.0.963.83
       http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201203-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature