Bugtraq mailing list archives
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities
From: Tim Sammut <underling () gentoo org>
Date: Sat, 19 Nov 2011 08:43:46 -0800
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201111-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: November 19, 2011
Bugs: #390113, #390779
ID: 201111-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 15.0.874.121 >= 15.0.874.121
2 dev-lang/v8 < 3.5.10.24 >= 3.5.10.24
-------------------------------------------------------------------
2 affected packages
-------------------------------------------------------------------
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition. The attacker also could
cause a Java applet to run without user confirmation.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-15.0.874.121"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.24"
References
==========
[ 1 ] CVE-2011-3892
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3892
[ 2 ] CVE-2011-3893
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3893
[ 3 ] CVE-2011-3894
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3894
[ 4 ] CVE-2011-3895
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3895
[ 5 ] CVE-2011-3896
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3896
[ 6 ] CVE-2011-3897
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3897
[ 7 ] CVE-2011-3898
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3898
[ 8 ] CVE-2011-3900
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3900
[ 9 ] Release Notes 15.0.874.120
http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
[ 10 ] Release Notes 15.0.874.121
http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities Tim Sammut (Nov 21)