Gentoo Forums
[ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities
Author: GLSA
Posted: Tue Nov 01, 2011 10:26 am    Post subject: [ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities

Gentoo Linux Security Advisory

Title: Chromium, V8: Multiple vulnerabilities (GLSA 201111-01)
Severity: high
Exploitable: remote
Date: November 01, 2011
Bug(s): #351525, #353626, #354121, #356933, #357963, #358581, #360399, #363629, #365125, #366335, #367013, #368649, #370481, #373451, #373469, #377475, #377629, #380311, #380897, #381713, #383251, #385649, #388461
ID: 201111-01

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8,
some of which may allow execution of arbitrary code and local root
privilege escalation.


Background

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.


Affected Packages

Package: www-client/chromium
Vulnerable: < 15.0.874.102
Unaffected: >= 15.0.874.102
Architectures: All supported architectures

Package: dev-lang/v8
Vulnerable: < 3.5.10.22
Unaffected: >= 3.5.10.22
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.


Impact

A local attacker could gain root privileges (CVE-2011-1444, fixed in
chromium-11.0.696.57).
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. The attacker also could obtain
cookies and other sensitive information, conduct man-in-the-middle
attacks, perform address bar spoofing, bypass the same origin policy,
perform Cross-Site Scripting attacks, or bypass pop-up blocks.


Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-15.0.874.102"

All V8 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"


References

CVE-2011-2345
CVE-2011-2346
CVE-2011-2347
CVE-2011-2348
CVE-2011-2349
CVE-2011-2350
CVE-2011-2351
CVE-2011-2834
CVE-2011-2835
CVE-2011-2837
CVE-2011-2838
CVE-2011-2839
CVE-2011-2840
CVE-2011-2841
CVE-2011-2843
CVE-2011-2844
CVE-2011-2845
CVE-2011-2846
CVE-2011-2847
CVE-2011-2848
CVE-2011-2849
CVE-2011-2850
CVE-2011-2851
CVE-2011-2852
CVE-2011-2853
CVE-2011-2854
CVE-2011-2855
CVE-2011-2856
CVE-2011-2857
CVE-2011-2858
CVE-2011-2859
CVE-2011-2860
CVE-2011-2861
CVE-2011-2862
CVE-2011-2864
CVE-2011-2874
CVE-2011-3234
CVE-2011-3873
CVE-2011-3875
CVE-2011-3876
CVE-2011-3877
CVE-2011-3878
CVE-2011-3879
CVE-2011-3880
CVE-2011-3881
CVE-2011-3882
CVE-2011-3883
CVE-2011-3884
CVE-2011-3885
CVE-2011-3886
CVE-2011-3887
CVE-2011-3888
CVE-2011-3889
CVE-2011-3890
CVE-2011-3891

Release Notes 10.0.648.127
Release Notes 10.0.648.133
Release Notes 10.0.648.205
Release Notes 11.0.696.57
Release Notes 11.0.696.65
Release Notes 11.0.696.68
Release Notes 11.0.696.71
Release Notes 12.0.742.112
Release Notes 12.0.742.91
Release Notes 13.0.782.107
Release Notes 13.0.782.215
Release Notes 13.0.782.220
Release Notes 14.0.835.163
Release Notes 14.0.835.202
Release Notes 15.0.874.102
Release Notes 8.0.552.237
Release Notes 9.0.597.107
Release Notes 9.0.597.84
Release Notes 9.0.597.94
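
An added example, not part of the advisory or of Gentoo's tooling: a POSIX shell check that compares installed versions against the "Unaffected" thresholds listed under Affected Packages. The function names and the /var/db/pkg directory layout are assumptions of this example; versions carrying suffixes such as _p1 are reported as unknown.

```shell
#!/bin/sh
# Added example: thresholds are the "Unaffected" versions from GLSA 201111-01.

# fixed_version PKG -> first unaffected version, or non-zero if PKG is not in the GLSA.
fixed_version() {
    case "$1" in
        www-client/chromium) echo "15.0.874.102" ;;
        dev-lang/v8)         echo "3.5.10.22" ;;
        *) return 1 ;;
    esac
}

# version_lt A B -> succeeds when dotted numeric version A sorts before B.
# Components are compared as integers; missing ones count as 0.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# glsa_status PKG VERSION -> prints vulnerable, unaffected or unknown.
glsa_status() {
    fixed=$(fixed_version "$1") || { echo unknown; return 0; }
    ver=${2%-r[0-9]*}                      # drop a Gentoo revision suffix (-r1)
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # suffixes like _p1 are not handled
    esac
    if version_lt "$ver" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# installed_versions PKG [VDB] -> installed versions, one per line.
# Assumes the installed-package database layout VDB/category/name-version.
installed_versions() {
    vdb=${2:-/var/db/pkg}; name=${1#*/}
    for d in "$vdb/$1"-[0-9]*; do
        [ -d "$d" ] || continue
        d=${d##*/}; echo "${d#"$name"-}"
    done
}

# Report every installed version of the two packages named in the advisory.
for pkg in www-client/chromium dev-lang/v8; do
    for v in $(installed_versions "$pkg"); do
        echo "$pkg-$v: $(glsa_status "$pkg" "$v")"
    done
done
```

The comparison is numeric per component, so 9.0.597.94 is correctly reported as older than 15.0.874.102, which a plain string comparison would get wrong.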