-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2245-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 29, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 
                 CVE-2011-1797 CVE-2011-1799 


Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2011-1292

  Use-after-free vulnerability in the frame-loader implementation in Google
  Chrome allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors.


CVE-2011-1293

  Use-after-free vulnerability in the HTMLCollection implementation in Google
  Chrome allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors.


CVE-2011-1440

  Use-after-free vulnerability in Google Chrome allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via vectors  related to the ruby element and Cascading Style Sheets (CSS) token sequences.


CVE-2011-1444

  Race condition in the sandbox launcher implementation in Google Chrome on
  Linux allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via unknown vectors.


CVE-2011-1797

  Google Chrome does not properly render tables, which allows remote attackers  to cause a denial of service or possibly have unspecified other impact via
  unknown vectors that lead to a "stale pointer."


CVE-2011-1799

  Google Chrome does not properly perform casts of variables during interaction
  with the WebKit engine, which allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors.



For the stable distribution (squeeze), these problems have been fixed in
version 6.0.472.63~r59945-5+squeeze5.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 11.0.696.68~r84545-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-2245-1: chromium-browser security update

May 29, 2011
Several vulnerabilities were discovered in the Chromium browser

Summary


Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google
Chrome allows remote attackers to cause a denial of service or possibly
have unspecified other impact via unknown vectors.


CVE-2011-1293

Use-after-free vulnerability in the HTMLCollection implementation in Google
Chrome allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.


CVE-2011-1440

Use-after-free vulnerability in Google Chrome allows remote attackers to cause
a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.


CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome on
Linux allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.


CVE-2011-1797

Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via
unknown vectors that lead to a "stale pointer."


CVE-2011-1799

Google Chrome does not properly perform casts of variables during interaction
with the WebKit engine, which allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.



For the stable distribution (squeeze), these problems have been fixed in
version 6.0.472.63~r59945-5+squeeze5.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 11.0.696.68~r84545-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : chromium-browser
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444
CVE-2011-1797 CVE-2011-1799

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved