Gentoo: 201208-03 Chromium: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Gentoo Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: August 14, 2012
     Bugs: #423719, #426204, #429174
       ID: 201208-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.

Background
==========

Chromium is an open source web browser project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 21.0.1180.57         >= 21.0.1180.57

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.

Impact
======

A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"

References
==========

[  1 ] CVE-2012-2815
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[  2 ] CVE-2012-2817
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[  3 ] CVE-2012-2818
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[  4 ] CVE-2012-2819
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[  5 ] CVE-2012-2820
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[  6 ] CVE-2012-2821
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[  7 ] CVE-2012-2823
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[  8 ] CVE-2012-2824
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[  9 ] CVE-2012-2825
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43

http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
[ 28 ] Release Notes 20.0.1132.57

http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html
[ 29 ] Release Notes 21.0.1180.57

http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201208-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5