Full Disclosure: [ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities

From: Tim Sammut <underling () gentoo org>
Date: Sat, 19 Nov 2011 08:43:46 -0800

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201111-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, V8: Multiple vulnerabilities
     Date: November 19, 2011
     Bugs: #390113, #390779
       ID: 201111-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 15.0.874.121         >= 15.0.874.121
  2  dev-lang/v8                < 3.5.10.24              >= 3.5.10.24
    -------------------------------------------------------------------
     2 affected packages
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. The attacker also could
cause a Java applet to run without user confirmation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-15.0.874.121"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.24"

References
==========

[  1 ] CVE-2011-3892
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3892
[  2 ] CVE-2011-3893
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3893
[  3 ] CVE-2011-3894
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3894
[  4 ] CVE-2011-3895
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3895
[  5 ] CVE-2011-3896
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3896
[  6 ] CVE-2011-3897
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3897
[  7 ] CVE-2011-3898
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3898
[  8 ] CVE-2011-3900
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3900
[  9 ] Release Notes 15.0.874.120

http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
[ 10 ] Release Notes 15.0.874.121

http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201111-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Nov 19)