VARIoT IoT vulnerabilities database
| VAR-201208-0203 | CVE-2012-4143 | Opera Vulnerabilities that allow arbitrary files to be downloaded and executed |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. Opera Web Browser is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions.
Opera versions prior to 12.01 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: September 25, 2012
Bugs: #429478, #434584
ID: 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
may allow remote execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera < 12.01.1532 >= 12.01.1532
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers and Opera Release Notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page using Opera, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
References
==========
[ 1 ] CVE-2012-4010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010
[ 2 ] CVE-2012-4142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142
[ 3 ] CVE-2012-4143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143
[ 4 ] CVE-2012-4144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144
[ 5 ] CVE-2012-4145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145
[ 6 ] CVE-2012-4146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146
[ 7 ] Opera 12.01 for UNIX changelog
http://www.opera.com/docs/changelogs/unix/1201/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0202 | CVE-2012-4142 | Opera Web Browser HTML Injection Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Opera Web Browser is prone to a HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Opera Web Browser versions prior to 12.01 and 11.66 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: September 25, 2012
Bugs: #429478, #434584
ID: 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
may allow remote execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera < 12.01.1532 >= 12.01.1532
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers and Opera Release Notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page using Opera, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
References
==========
[ 1 ] CVE-2012-4010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010
[ 2 ] CVE-2012-4142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142
[ 3 ] CVE-2012-4143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143
[ 4 ] CVE-2012-4144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144
[ 5 ] CVE-2012-4145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145
[ 6 ] CVE-2012-4146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146
[ 7 ] Opera 12.01 for UNIX changelog
http://www.opera.com/docs/changelogs/unix/1201/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0695 | CVE-2012-1339 | Cisco Unified Computing System Service disruption in ( Process crash ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543.
An attacker can exploit this issue to cause the SSHD process to crash resulting in a denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCtt94543
| VAR-201208-0350 | CVE-2012-3020 | Siemens Synco OZW Unsafe Default Password Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. Siemens Synco OZW equipment is used to remotely operate and monitor building automation equipment. There is a default administrator password for Siemens Synco OZW. There is no mandatory password change during application installation, and an attacker can use this password to gain control over the application. Siemens Synco OZW is prone to an insecure-default-password vulnerability
| VAR-201408-0006 | CVE-2011-2593 | Citrix Access Gateway Enterprise Edition Plug-in for Windows of nsepacom ActiveX Control StartEpa Method integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. Citrix Access Gateway is a universal SSL VPN device. The attacker can Exploit a heap-based buffer overflow, possibly executing arbitrary code in the context of an application. Failed exploit attempts will likely result in denial-of-service conditions. that provides secure access to virtual desktops and applications.
NOTE: Other versions may also be affected.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
No official solution is currently available.
======================================================================
6) Time Table
19/07/2011 - Vendor notified.
21/07/2011 - Vendor response.
20/01/2012 - Requested status update.
08/02/2012 - Vendor response, fix not scheduled.
09/05/2012 - Requested status update.
09/05/2012 - Vendor response, fix scheduled for June.
03/07/2012 - Requested status update.
21/07/2012 - Vendor response, fix delayed.
01/08/2012 - Public disclosure.
======================================================================
7) Credits
Discovered by Dmitriy Pletnev, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2011-2593 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2012-26/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
The vulnerabilities are confirmed in version 9.3.49.5.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2012-26/
http://secunia.com/secunia_research/2012-27/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201406-0006 | CVE-2011-2592 | Citrix Access Gateway Enterprise Edition Plug-in for Windows Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. Citrix Access Gateway is a universal SSL VPN device. Attackers can exploit the vulnerability. Performing a heap-based buffer overflow may execute arbitrary code in the application context. Failed exploit attempts will likely result in denial-of-service conditions. that provides secure access to virtual desktops and applications.
NOTE: Other versions may also be affected.
Successful exploitation allows execution of arbitrary code.
======================================================================
5) Solution
No official solution is currently available.
======================================================================
6) Time Table
19/07/2011 - Vendor notified.
21/07/2011 - Vendor response.
20/01/2012 - Requested status update.
08/02/2012 - Vendor response, fix not scheduled.
09/05/2012 - Requested status update.
09/05/2012 - Vendor response, fix scheduled for June.
03/07/2012 - Requested status update.
21/07/2012 - Vendor response, fix delayed.
01/08/2012 - Public disclosure.
======================================================================
7) Credits
Discovered by Dmitriy Pletnev, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2011-2592 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2012-27/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
The vulnerabilities are confirmed in version 9.3.49.5.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2012-26/
http://secunia.com/secunia_research/2012-27/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0225 | CVE-2012-4344 | IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. IPSwitch's WhatsUp Gold version 16.3, and possibly previous versions, is vulnerable to SQL injection and cross-site scripting attacks. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Ipswitch WhatsUp Gold "sGroupList" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA50002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50002
RELEASE DATE:
2012-07-31
DISCUSS ADVISORY:
http://secunia.com/advisories/50002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Ipswitch WhatsUp Gold, which can
be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "sGroupList" parameter to
NmConsole/Reports/Workspace/Virtualization/WrVMwareHostList/WrVMwareHostList.asp
is not properly sanitised before being used in a SQL query. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL
code.
The vulnerability is reported in version 15.02. Other versions may
also be affected.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
muts, Offensive Security.
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/20035/
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0948 | No CVE | Multiple vulnerabilities in Citrix Access Gateway |
CVSS V2: - CVSS V3: - Severity: - |
Citrix Access Gateway is an SSL VPN that provides secure remote access to virtual desktops and applications. There are multiple security vulnerabilities in the implementation of Citrix Access Gateway. It can be exploited to read arbitrary files through directory traversal sequences, reveal sensitive information and perform spoofing attacks. 1) Some inputs are not properly validated before being used to read a file and can be utilized by a directory traversal sequence. 2) An unknown detail error may allow the gateway to act as a public proxy server. 3) Unknown details errors can be exploited to inject text content. This may aid in further attacks. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Citrix Access Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50140
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50140/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50140
RELEASE DATE:
2012-08-02
DISCUSS ADVISORY:
http://secunia.com/advisories/50140/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50140/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50140
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Citrix Access Gateway,
which can be exploited by malicious people to disclose potentially
sensitive information, manipulate certain data, and conduct spoofing
attacks.
The vulnerabilities are reported in versions 5.0 through 5.0.4.
SOLUTION:
Apply patches.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX133648
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0340 | CVE-2012-2858 | Google Chrome of WebP Buffer overflow vulnerability in decoder |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0342 | CVE-2012-2860 | Google Chrome of Datepicker Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0338 | CVE-2012-2856 | Google Chrome of PDF Denial of service in function (DoS) Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0337 | CVE-2012-2855 | Google Chrome of PDF function Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0333 | CVE-2012-2851 | Google Chrome of PDF Integer overflow vulnerability in functionality |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0334 | CVE-2012-2852 | Google Chrome of PDF Service disruption in functionality ( Use of freed memory ) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document. ( Use of freed memory ) There are vulnerabilities that can be affected indefinitely, such as being in a state.Denial of service operations through crafted documents by third parties ( Use of freed memory ) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0336 | CVE-2012-2854 | Google Chrome Vulnerability in obtaining important information about pointer values |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0335 | CVE-2012-2853 | Google Chrome of webRequest API Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). A security vulnerability exists in Google Chrome versions prior to 21.0.1180.57 and 21.0.1180.60 due to a bug in the handling of the webRequest API. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0332 | CVE-2012-2850 | Google Chrome of PDF Feature vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document. Google Chrome of PDF A feature contains vulnerabilities that are unspecified.A third party can be unintentionally affected through crafted documents. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). A remote attacker could use a specially crafted document to have unknown effects. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0325 | CVE-2012-2848 | Google Chrome Vulnerabilities bypassing file access restrictions in drag and drop |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0331 | CVE-2012-2849 | Google Chrome of GIF Denial of service in decoder (DoS) Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0324 | CVE-2012-2847 | Google Chrome Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 21.0.1180.57 and 21.0.1180.60 are vulnerable. Google Chrome is a web browser developed by Google (Google). A security vulnerability exists in Google Chrome versions prior to 21.0.1180.57 and 21.0.1180.60 due to the user not being properly re-prompted when handling excessive downloads. ----------------------------------------------------------------------
We are millions! Join us to protect all Pc's Worldwide.
Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends:
http://secunia.com/psi
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50105
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50105/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
RELEASE DATE:
2012-08-01
DISCUSS ADVISORY:
http://secunia.com/advisories/50105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50105/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) An error when handling renders can be exploited to bypass the
cross-process policy and cause interference.
NOTE: This vulnerability affect the Linux platform only.
2) The application does not properly re-prompt the user when
downloading multiple files and can be exploited to trick the user
into downloading a malicious file.
3) An error when handling drag and drop events can be exploited to
access certain restricted files.
4) Multiple errors exist within the PDF viewer. No further
information is currently available.
5) Multiple integer overflow errors exist within the PDF viewer.
6) A use-after-free error exists when handling object linkage in
PDFs.
7) An error within the "webRequest" module can be exploited to cause
interference with the Chrome Web Store.
8) A use-after-free error exists within the PDF viewer.
9) An out-of-bounds write error exists within the PDF viewer.
10) A use-after-free error exits when handling CSS DOM objects.
11) An error within the WebP decoder can be exploited to cause a
buffer overflow.
12) An unspecified error exists within tab handling.
NOTE: This vulnerability affect the Linux platform only.
13) An out-of-bounds access error exists when clicking in date
picker.
SOLUTION:
Upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Julien Tinnes, Google Chrome Security Team
2, 3) Matt Austin, Aspect Security
4, 5, 8, 9) Mateusz Jurczyk and Gynvael Coldwind, Google Security
Team
6) Alexey Samsonov, Google
7) Trev, Adblock
10) Arthur Gerkis
11) J\xfcri Aedla
12) Jeff Roberts, Google Security Team
13) Chamal de Silva
ORIGINAL ADVISORY:
googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 14, 2012
Bugs: #423719, #426204, #429174
ID: 201208-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 21.0.1180.57 >= 21.0.1180.57
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
disclosure of sensitive information, or other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-21.0.1180.57"
References
==========
[ 1 ] CVE-2012-2815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2815
[ 2 ] CVE-2012-2817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2817
[ 3 ] CVE-2012-2818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2818
[ 4 ] CVE-2012-2819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2819
[ 5 ] CVE-2012-2820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2820
[ 6 ] CVE-2012-2821
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2821
[ 7 ] CVE-2012-2823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2823
[ 8 ] CVE-2012-2824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2824
[ 9 ] CVE-2012-2825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2825
[ 10 ] CVE-2012-2826
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2826
[ 11 ] CVE-2012-2829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2829
[ 12 ] CVE-2012-2830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2830
[ 13 ] CVE-2012-2831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2831
[ 14 ] CVE-2012-2834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2834
[ 15 ] CVE-2012-2842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842
[ 16 ] CVE-2012-2843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843
[ 17 ] CVE-2012-2846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2846
[ 18 ] CVE-2012-2847
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2847
[ 19 ] CVE-2012-2848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2848
[ 20 ] CVE-2012-2849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2849
[ 21 ] CVE-2012-2853
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2853
[ 22 ] CVE-2012-2854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2854
[ 23 ] CVE-2012-2857
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2857
[ 24 ] CVE-2012-2858
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2858
[ 25 ] CVE-2012-2859
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 26 ] CVE-2012-2860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 27 ] Release Notes 20.0.1132.43
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26=
.html
[ 28 ] Release Notes 20.0.1132.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.ht=
ml
[ 29 ] Release Notes 21.0.1180.57
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201208-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5