GLSA Advocate

Joined: 12 May 2004 Posts: 2663
Posted: Fri Mar 30, 2012 11:26 pm Post subject: [ GLSA 201203-24 ] Chromium, V8: Multiple vulnerabilities

Gentoo Linux Security Advisory
Title: Chromium, V8: Multiple vulnerabilities (GLSA 201203-24)
Severity: normal
Exploitable: remote
Date: March 30, 2012
Bug(s): #410045
ID: 201203-24
Synopsis
Multiple vulnerabilities have been reported in Chromium and V8,
some of which may allow execution of arbitrary code.
Background
Chromium is an open source web browser project. V8 is Google's open
source JavaScript engine. SPDY is an experimental networking protocol.
Affected Packages
Package: www-client/chromium
Vulnerable: < 18.0.1025.142
Unaffected: >= 18.0.1025.142
Architectures: All supported architectures
Package: dev-lang/v8
Vulnerable: < 3.8.9.16
Unaffected: >= 3.8.9.16
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition.
The attacker could also entice a user to open a specially crafted web
site using Chromium, possibly resulting in cross-site scripting (XSS), or
an unspecified SPDY certificate checking error.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-18.0.1025.142"

All V8 users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.8.9.16"

References
CVE-2011-3057
CVE-2011-3058
CVE-2011-3059
CVE-2011-3060
CVE-2011-3061
CVE-2011-3062
CVE-2011-3063
CVE-2011-3064
CVE-2011-3065
Release Notes 18.0.1025.142
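
To confirm the upgrade took effect, the following added example (not part of the advisory or of Gentoo's tooling) classifies an installed version against the thresholds listed under Affected Packages. The function names `ver_lt` and `glsa_status` are hypothetical and the sample versions in the loop are constructed; comparison is numeric per component, since a plain string comparison would rank 3.8.9.9 above 3.8.9.16.

```shell
#!/bin/sh
# Added example: check versions against the GLSA 201203-24 thresholds.
# Thresholds are taken from the advisory; everything else is illustrative.

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                  # leading components
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}                    # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                    # equal versions are not lower
}

# glsa_status PACKAGE VERSION: print vulnerable, unaffected, unknown or
# not-covered. A Gentoo revision suffix (-rN) is dropped before comparing,
# because a revision of the fixed version is still >= the fixed version.
glsa_status() {
    pkg=$1 v=${2%-r[0-9]*}
    case $pkg in
        www-client/chromium) fixed=18.0.1025.142 ;;
        dev-lang/v8)         fixed=3.8.9.16 ;;
        *) echo not-covered; return 0 ;;
    esac
    # Refuse to guess on suffixes such as _p1 or _rc2.
    case $v in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if ver_lt "$v" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample inventory: "package version" pairs.
while read -r pkg ver; do
    printf '%-22s %-20s %s\n' "$pkg" "$ver" "$(glsa_status "$pkg" "$ver")"
done <<'EOF'
www-client/chromium 17.0.963.83
www-client/chromium 18.0.1025.142-r1
dev-lang/v8 3.8.9.9
dev-lang/v8 3.10.0
EOF
```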