GLSA Advocate

Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 01, 2011 10:26 am Post subject: [ GLSA 201111-01 ] Chromium, V8: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Chromium, V8: Multiple vulnerabilities (GLSA 201111-01)
Severity: high
Exploitable: remote
Date: November 01, 2011
Bug(s): #351525, #353626, #354121, #356933, #357963, #358581, #360399, #363629, #365125, #366335, #367013, #368649, #370481, #373451, #373469, #377475, #377629, #380311, #380897, #381713, #383251, #385649, #388461
ID: 201111-01
Synopsis
Multiple vulnerabilities have been reported in Chromium and V8,
some of which may allow execution of arbitrary code and local root
privilege escalation.
Background
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected Packages
Package: www-client/chromium
Vulnerable: < 15.0.874.102
Unaffected: >= 15.0.874.102
Architectures: All supported architectures
Package: dev-lang/v8
Vulnerable: < 3.5.10.22
Unaffected: >= 3.5.10.22
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
A local attacker could gain root privileges (CVE-2011-1444, fixed in
chromium-11.0.696.57).
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. The attacker also could obtain
cookies and other sensitive information, conduct man-in-the-middle
attacks, perform address bar spoofing, bypass the same origin policy,
perform Cross-Site Scripting attacks, or bypass pop-up blocks.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-15.0.874.102"
All V8 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"
References
CVE-2011-2345
CVE-2011-2346
CVE-2011-2347
CVE-2011-2348
CVE-2011-2349
CVE-2011-2350
CVE-2011-2351
CVE-2011-2834
CVE-2011-2835
CVE-2011-2837
CVE-2011-2838
CVE-2011-2839
CVE-2011-2840
CVE-2011-2841
CVE-2011-2843
CVE-2011-2844
CVE-2011-2845
CVE-2011-2846
CVE-2011-2847
CVE-2011-2848
CVE-2011-2849
CVE-2011-2850
CVE-2011-2851
CVE-2011-2852
CVE-2011-2853
CVE-2011-2854
CVE-2011-2855
CVE-2011-2856
CVE-2011-2857
CVE-2011-2858
CVE-2011-2859
CVE-2011-2860
CVE-2011-2861
CVE-2011-2862
CVE-2011-2864
CVE-2011-2874
CVE-2011-3234
CVE-2011-3873
CVE-2011-3875
CVE-2011-3876
CVE-2011-3877
CVE-2011-3878
CVE-2011-3879
CVE-2011-3880
CVE-2011-3881
CVE-2011-3882
CVE-2011-3883
CVE-2011-3884
CVE-2011-3885
CVE-2011-3886
CVE-2011-3887
CVE-2011-3888
CVE-2011-3889
CVE-2011-3890
CVE-2011-3891
Release Notes 10.0.648.127
Release Notes 10.0.648.133
Release Notes 10.0.648.205
Release Notes 11.0.696.57
Release Notes 11.0.696.65
Release Notes 11.0.696.68
Release Notes 11.0.696.71
Release Notes 12.0.742.112
Release Notes 12.0.742.91
Release Notes 13.0.782.107
Release Notes 13.0.782.215
Release Notes 13.0.782.220
Release Notes 14.0.835.163
Release Notes 14.0.835.202
Release Notes 15.0.874.102
Release Notes 8.0.552.237
Release Notes 9.0.597.107
Release Notes 9.0.597.84
Release Notes 9.0.597.94
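Added example, not part of the advisory or of Gentoo's tooling: a shell audit that compares installed package atoms with the "Affected Packages" thresholds above. It assumes atoms in the category/name-version form printed by `qlist -Iv` (portage-utils) and GNU `sort -V`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a package list against the thresholds in GLSA 201111-01.
# Assumes dotted numeric versions with an optional -rN Gentoo revision,
# and GNU coreutils `sort -V` for version ordering.

# First unaffected versions, from the advisory's "Affected Packages" section.
FIXED_CHROMIUM="15.0.874.102"
FIXED_V8="3.5.10.22"

# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_check ATOM: print "vulnerable", "unaffected", or "n/a" (other package).
glsa_check() {
    case "$1" in
        www-client/chromium-[0-9]*) ver=${1#www-client/chromium-}; fixed=$FIXED_CHROMIUM ;;
        dev-lang/v8-[0-9]*)         ver=${1#dev-lang/v8-};         fixed=$FIXED_V8 ;;
        *) echo "n/a"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}   # drop a revision suffix such as -r1
    if version_lt "$ver" "$fixed"; then echo "vulnerable"; else echo "unaffected"; fi
}

# glsa_audit: read atoms on stdin, print a verdict for each affected package.
glsa_audit() {
    while IFS= read -r atom; do
        status=$(glsa_check "$atom")
        [ "$status" = "n/a" ] || printf '%s %s\n' "$atom" "$status"
    done
}

# Constructed sample input (not from the advisory). On a real system:
#   qlist -Iv | glsa_audit
SAMPLE='www-client/chromium-14.0.835.202
dev-lang/v8-3.5.10.22
www-client/google-chrome-15.0.874.106
app-shells/bash-4.2_p10
dev-lang/v8-3.4.14.2-r1'
printf '%s\n' "$SAMPLE" | glsa_audit
```

Any atom reported as vulnerable is resolved with the matching emerge command from the Resolution section.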