Bug 769181

Summary: VUL-0: Chromium version 20.0.1132.43
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Raymond Wooninck <tittiatcoke>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: meissner, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Ludwig Nussel 2012-06-28 08:29:32 UTC
Your friendly security team received the following report via security@suse.de.
Please respond ASAP.
The issue is public.

Chromium version 20.0.1132.43 includes security fixes

- [118633 <https://code.google.com/p/chromium/issues/detail?id=118633>]
  Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein
  of Google.
- [Windows only]
  [119150 <https://code.google.com/p/chromium/issues/detail?id=119150>]
  [119250 <https://code.google.com/p/chromium/issues/detail?id=119250>]
  High CVE-2012-2816: Prevent sandboxed processes interfering with each
  other. Credit to Google Chrome Security Team (Justin Schuh).
- [$1000] [120222 <https://code.google.com/p/chromium/issues/detail?id=120222>]
  High CVE-2012-2817: Use-after-free in table section handling. Credit to
  miaubiz.
- [$1000] [120944 <https://code.google.com/p/chromium/issues/detail?id=120944>]
  High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.
- [120977 <https://code.google.com/p/chromium/issues/detail?id=120977>]
  High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets”
  Russell of the Chromium development community.
- [121926 <https://code.google.com/p/chromium/issues/detail?id=121926>]
  Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit
  to Atte Kettunen of OUSPG.
- [122925 <https://code.google.com/p/chromium/issues/detail?id=122925>]
  Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues
  in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
  Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
- [$1000] [124356 <https://code.google.com/p/chromium/issues/detail?id=124356>]
  High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to
  miaubiz.
- [$1000] [125374 <https://code.google.com/p/chromium/issues/detail?id=125374>]
  High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.
- [128688 <https://code.google.com/p/chromium/issues/detail?id=128688>]
  Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit
  to Google Chrome Security Team (Inferno).
- [Mac only]
  [129826 <https://code.google.com/p/chromium/issues/detail?id=129826>]
  Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium
  development community (Dharani Govindan).
- [129857 <https://code.google.com/p/chromium/issues/detail?id=129857>]
  High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk
  of Google Security Team and Google Chrome Security Team (Chris Evans).
- [$1000] [129947 <https://code.google.com/p/chromium/issues/detail?id=129947>]
  High CVE-2012-2829: Use-after-free in first-letter handling. Credit to
  miaubiz.
- [$1000] [129951 <https://code.google.com/p/chromium/issues/detail?id=129951>]
  High CVE-2012-2830: Wild pointer in array value setting. Credit to
  miaubiz.
- [Windows only]
  [130276 <https://code.google.com/p/chromium/issues/detail?id=130276>]
  Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni
  of Comsec Consulting.
- [$1000] [130356 <https://code.google.com/p/chromium/issues/detail?id=130356>]
  High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to
  miaubiz.
- [131553 <https://code.google.com/p/chromium/issues/detail?id=131553>]
  High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to
  Mateusz Jurczyk of Google Security Team.
- [132156 <https://code.google.com/p/chromium/issues/detail?id=132156>]
  High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz
  Jurczyk of Google Security Team.
- [$1000] [132779 <https://code.google.com/p/chromium/issues/detail?id=132779>]
  High CVE-2012-2834: Integer overflow in Matroska container. Credit to
  Jüri Aedla.

- [$500] [127417 <https://code.google.com/p/chromium/issues/detail?id=127417>]
  Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas
  Gregoire.
- [64-bit Linux only] [$3000]
  [129930 <https://code.google.com/p/chromium/issues/detail?id=129930>]
  High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.

Comment 1 Swamp Workflow Management 2012-06-28 22:00:17 UTC
bugbot adjusting priority

Comment 2 Swamp Workflow Management 2012-07-03 12:14:55 UTC
openSUSE-SU-2012:0813-1: An update that fixes 15 vulnerabilities is now available.

Category: security (moderate)
Bug References: 769181
CVE References: CVE-2012-2807,CVE-2012-2815,CVE-2012-2816,CVE-2012-2817,CVE-2012-2818,CVE-2012-2819,CVE-2012-2820,CVE-2012-2821,CVE-2012-2823,CVE-2012-2825,CVE-2012-2826,CVE-2012-2829,CVE-2012-2830,CVE-2012-2831,CVE-2012-2834
Sources used:
openSUSE 12.1 (src):    chromium-22.0.1190.0-1.26.2, v8-3.12.5.0-1.30.1

Comment 3 Marcus Meissner 2012-07-03 15:17:27 UTC
released