
MeeGo alert MeeGo-SA-10:23 (chromium)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:23.chromium] Multiple Vulnerabilities in Chromium
Date:  Tue, 18 Jan 2011 20:53:18 -0700
Message-ID:  <870990BA-89B1-4581-A92A-156BC587F5CB@intel.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:23.chromium                                     Security Advisory
                                                                MeeGo Project

Topic:          Multiple Vulnerabilities in Chromium
Category:       Browser
Module:         chromium
Announced:      September 3, 2010
Affects:        MeeGo 1.0
Corrected:      September 3, 2010
MeeGo BID:      4935
CVE:            CVE-2010-2898, CVE-2010-2899, CVE-2010-2900, CVE-2010-2901,
                CVE-2010-2902 & CVE-2010-2903

For general information regarding MeeGo Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit <URL:http://www.MeeGo.com/>.

I. Background

Chromium is an open-source web browser, powered by WebKit.

II. Problem Description

CVE-2010-2898: Google Chrome before 5.0.375.125 does not properly mitigate
an unspecified flaw in the GNU C Library, which has unknown impact and
attack vectors.

CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-2899: Unspecified vulnerability in the layout implementation in
Google Chrome before 5.0.375.125 allows remote attackers to obtain
sensitive information from process memory via unknown vectors.

CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-2900: Google Chrome before 5.0.375.125 does not properly handle a
large canvas, which has unspecified impact and remote attack vectors.

CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-2901: The rendering implementation in Google Chrome before
5.0.375.125 allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown vectors.

CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-2902: The SVG implementation in Google Chrome before 5.0.375.125
allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors.

CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

CVE-2010-2903: Google Chrome before 5.0.375.125 performs unexpected
truncation and improper eliding of hostnames, which has unspecified impact
and remote attack vectors.

CVSS v2 Base: 10.0 (HIGH)
Access Vector: Network exploitable

III. Impact

CVE-2010-2898: Unauthorized disclosure of information
CVE-2010-2899: Unauthorized disclosure of information
CVE-2010-2900: Unauthorized disclosure of information
CVE-2010-2901: Unauthorized disclosure of information due to buffer error
               (CWE-119)
CVE-2010-2902: Unauthorized disclosure of information due to buffer error
               (CWE-119)
CVE-2010-2903: Unauthorized disclosure of information

IV. Workaround

None

V. Solution

Update to package chromium-6.0.486.0-9.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=4935
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/119.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security

