Articles / Debian: Security update for…

Debian: Security update for Chromium

Several vulnerabilities were discovered in the Chromium browser. A use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. A use-after-free vulnerability in the HTMLCollection implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. A use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Race condition in the sandbox launcher implementation in Google Chrome on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a “stale pointer.” Google Chrome does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2245-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 29, 2011                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 
                CVE-2011-1797 CVE-2011-1799 


Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:


CVE-2011-1292

 Use-after-free vulnerability in the frame-loader implementation in Google
 Chrome allows remote attackers to cause a denial of service or possibly
 have unspecified other impact via unknown vectors.


CVE-2011-1293

 Use-after-free vulnerability in the HTMLCollection implementation in Google
 Chrome allows remote attackers to cause a denial of service or possibly have
 unspecified other impact via unknown vectors.


CVE-2011-1440

 Use-after-free vulnerability in Google Chrome allows remote attackers to cause
 a denial of service or possibly have unspecified other impact via vectors
 related to the ruby element and Cascading Style Sheets (CSS) token sequences.


CVE-2011-1444

 Race condition in the sandbox launcher implementation in Google Chrome on
 Linux allows remote attackers to cause a denial of service or possibly have
 unspecified other impact via unknown vectors.


CVE-2011-1797

 Google Chrome does not properly render tables, which allows remote attackers
 to cause a denial of service or possibly have unspecified other impact via
 unknown vectors that lead to a "stale pointer."


CVE-2011-1799

 Google Chrome does not properly perform casts of variables during interaction
 with the WebKit engine, which allows remote attackers to cause a denial of
 service or possibly have unspecified other impact via unknown vectors.



For the stable distribution (squeeze), these problems have been fixed in
version 6.0.472.63~r59945-5+squeeze5.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 11.0.696.68~r84545-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3iJO4ACgkQNxpp46476apuDACfQjllLVOT84OjL86pa8+JhD5j
GWgAmwc7Ei0TYhYaWQZbDmzalYq81pn4
=0RTf
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.