Gentoo: GLSA-201210-07: Chromium: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-22.0.1229.94"
References
[ 1 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 2 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 3 ] CVE-2012-2865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865
[ 4 ] CVE-2012-2866
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866
[ 5 ] CVE-2012-2867
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867
[ 6 ] CVE-2012-2868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868
[ 7 ] CVE-2012-2869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869
[ 8 ] CVE-2012-2872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872
[ 9 ] CVE-2012-2874
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874
[ 10 ] CVE-2012-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876
[ 11 ] CVE-2012-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877
[ 12 ] CVE-2012-2878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878
[ 13 ] CVE-2012-2879
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879
[ 14 ] CVE-2012-2880
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880
[ 15 ] CVE-2012-2881
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881
[ 16 ] CVE-2012-2882
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882
[ 17 ] CVE-2012-2883
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883
[ 18 ] CVE-2012-2884
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884
[ 19 ] CVE-2012-2885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885
[ 20 ] CVE-2012-2886
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886
[ 21 ] CVE-2012-2887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887
[ 22 ] CVE-2012-2888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888
[ 23 ] CVE-2012-2889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889
[ 24 ] CVE-2012-2891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891
[ 25 ] CVE-2012-2892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892
[ 26 ] CVE-2012-2894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894
[ 27 ] CVE-2012-2896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896
[ 28 ] CVE-2012-2900
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900
[ 29 ] CVE-2012-5108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108
[ 30 ] CVE-2012-5110
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110
[ 31 ] CVE-2012-5111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111
[ 32 ] CVE-2012-5112
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112
[ 33 ] CVE-2012-5376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376
[ 34 ] Release Notes 21.0.1180.89
https://chromereleases.googleblog.com/2012/08/stable-channel-update_30.html
[ 35 ] Release Notes 22.0.1229.79
https://chromereleases.googleblog.com/2012/09/stable-channel-update_25.html
[ 36 ] Release Notes 22.0.1229.92
https://chromereleases.googleblog.com/2012/10/stable-channel-update.html
[ 37 ] Release Notes 22.0.1229.94
https://chromereleases.googleblog.com/2012/10/stable-channel-update_6105.html
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201210-07
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.
Background
Chromium is an open source web browser project.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 22.0.1229.94 >= 22.0.1229.94
Impact
===== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks.
Workaround
There is no known workaround at this time.