Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201210-07 ] Chromium: Multiple vulnerabilities
Date: Sun, 21 Oct 2012 18:06:25
Message-Id: 508417D4.5050009@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201210-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: October 21, 2012
     Bugs: #433551, #436234, #437664, #437984
       ID: 201210-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.

Background
==========

Chromium is an open source web browser project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 22.0.1229.94          >= 22.0.1229.94

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.

Impact
======

A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, arbitrary file write, a Denial
of Service condition, Cross-Site Scripting in SSL interstitial and
various Universal Cross-Site Scripting attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-22.0.1229.94"

References
==========

[ 1 ] CVE-2012-2859
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 2 ] CVE-2012-2860
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 3 ] CVE-2012-2865
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865
[ 4 ] CVE-2012-2866
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866
[ 5 ] CVE-2012-2867
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867
[ 6 ] CVE-2012-2868
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868
[ 7 ] CVE-2012-2869
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869
[ 8 ] CVE-2012-2872
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872
[ 9 ] CVE-2012-2874
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874
[ 10 ] CVE-2012-2876
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876
[ 11 ] CVE-2012-2877
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877
[ 12 ] CVE-2012-2878
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878
[ 13 ] CVE-2012-2879
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879
[ 14 ] CVE-2012-2880
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880
[ 15 ] CVE-2012-2881
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881
[ 16 ] CVE-2012-2882
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882
[ 17 ] CVE-2012-2883
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883
[ 18 ] CVE-2012-2884
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884
[ 19 ] CVE-2012-2885
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885
[ 20 ] CVE-2012-2886
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886
[ 21 ] CVE-2012-2887
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887
[ 22 ] CVE-2012-2888
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888
[ 23 ] CVE-2012-2889
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889
[ 24 ] CVE-2012-2891
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891
[ 25 ] CVE-2012-2892
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892
[ 26 ] CVE-2012-2894
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894
[ 27 ] CVE-2012-2896
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896
[ 28 ] CVE-2012-2900
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900
[ 29 ] CVE-2012-5108
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108
[ 30 ] CVE-2012-5110
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110
[ 31 ] CVE-2012-5111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111
[ 32 ] CVE-2012-5112
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112
[ 33 ] CVE-2012-5376
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376
[ 34 ] Release Notes 21.0.1180.89
       http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
[ 35 ] Release Notes 22.0.1229.79
       http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
[ 36 ] Release Notes 22.0.1229.92
       http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html
[ 37 ] Release Notes 22.0.1229.94
       http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201210-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
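
The vulnerable range from the advisory's "Affected packages" table, written as an offline inventory check. This is an added example, not part of the Gentoo advisory; it assumes atoms in `category/package-version` form, one per line, and GNU `sort -V`, and the function names and sample inventory are constructed.

```shell
# Added example: flag installed atoms that fall under GLSA 201210-07.
FIXED="22.0.1229.94"          # first unaffected version, from the advisory
PKG="www-client/chromium"     # affected package, from the advisory

# Return 0 if version $1 is older than $FIXED (inside the vulnerable range).
is_vulnerable() {
    local ver="${1%-r[0-9]*}"   # drop a Gentoo revision suffix such as -r1
    [ "$ver" = "$FIXED" ] && return 1
    # sort -V orders dotted versions numerically; the oldest comes first.
    [ "$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)" = "$ver" ]
}

# Read atoms on stdin and print the chromium builds that are still vulnerable.
# Atoms for other packages are ignored.
audit_atoms() {
    local atom ver
    while IFS= read -r atom; do
        case "$atom" in
            "$PKG"-[0-9]*) ver="${atom#"$PKG"-}" ;;
            *) continue ;;
        esac
        if is_vulnerable "$ver"; then
            printf '%s\n' "$atom"
        fi
    done
}

# Constructed sample inventory, not taken from a real host.
SAMPLE='www-client/chromium-21.0.1180.89
www-client/chromium-22.0.1229.94
www-client/firefox-16.0.1
www-client/chromium-22.0.1229.92-r1
www-client/chromium-23.0.1271.17'

audit_atoms <<EOF
$SAMPLE
EOF
```

Stripping the `-rN` suffix is safe for this comparison because the threshold itself carries no revision: any revision of 22.0.1229.94 is unaffected, and any revision of an older version is still vulnerable.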