Mageia alert MGASA-2012-0177 (chromium)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2012-0177: chromium-browser-stable-20.0.1132.57-2.1.mga, v8-3.12.7-0.1.mga (1, 2/core) | |
| Date: | Sat, 21 Jul 2012 15:02:01 +0200 | |
| Message-ID: | <20120721130201.GA372@valstar.mageia.org> |
MGASA-2012-0177 Date: July 21st, 2012 Affected releases: 1, 2 Description: This security update to the chromium-browser and the v8 standalone javascript processor corrects the following security issues. [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google. [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. [120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium development community. [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”. [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind). [124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion Credit to Google Chrome Security Team (Inferno). [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team and Google Chrome Security Team (Chris Evans). [129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team. [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team. [132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. Updated Packages: Mageia 1: chromium-browser-stable-20.0.1132.57-2.1.mga1 v8-3.12.7-0.1.mga1 v8-devel-3.12.7-0.1.mga1 Mageia 2: chromium-browser-stable-20.0.1132.57-2.1.mga2 v8-3.12.7-0.1.mga2 v8-devel-3.12.7-0.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2817 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2819 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2820 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2821 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2822 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2823 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2828 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2829 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2830 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2831 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2832 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2834 https://bugs.mageia.org/show_bug.cgi?id=6679 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...