Bugzilla – Bug 769181
VUL-0: Chromium version 20.0.1132.43
Last modified: 2012-07-03 15:17:27 UTC
Your friendly security team received the following report via security@suse.de. Please respond ASAP. The issue is public. Chromium version 20.0.1132.43 includes security fixes - [118633 <https://code.google.com/p/chromium/issues/detail?id=118633>] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. - [Windows only] [119150<https://code.google.com/p/chromium/issues/detail?id=119150>] [119250 <https://code.google.com/p/chromium/issues/detail?id=119250>] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh). - [$1000] [120222<https://code.google.com/p/chromium/issues/detail?id=120222>] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. - [$1000] [120944<https://code.google.com/p/chromium/issues/detail?id=120944>] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. - [120977 <https://code.google.com/p/chromium/issues/detail?id=120977>] High CVE-2012-2819: Crash in texture handling. Credit to Ken âgetsâ Russell of the Chromium development community. - [121926 <https://code.google.com/p/chromium/issues/detail?id=121926>] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. - [122925 <https://code.google.com/p/chromium/issues/detail?id=122925>] Medium CVE-2012-2821: Autofill display problem. Credit to âsimonbrown60â. - [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind). - [$1000] [124356<https://code.google.com/p/chromium/issues/detail?id=124356>] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. - [$1000] [125374<https://code.google.com/p/chromium/issues/detail?id=125374>] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. - [128688 <https://code.google.com/p/chromium/issues/detail?id=128688>] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno). - [Mac only] [129826<https://code.google.com/p/chromium/issues/detail?id=129826>] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan). - [129857 <https://code.google.com/p/chromium/issues/detail?id=129857>] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team and Google Chrome Security Team (Chris Evans). - [$1000] [129947<https://code.google.com/p/chromium/issues/detail?id=129947>] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. - [$1000] [129951<https://code.google.com/p/chromium/issues/detail?id=129951>] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. - [Windows only] [130276<https://code.google.com/p/chromium/issues/detail?id=130276>] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting. - [$1000] [130356<https://code.google.com/p/chromium/issues/detail?id=130356>] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. - [131553 <https://code.google.com/p/chromium/issues/detail?id=131553>] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team. - [132156 <https://code.google.com/p/chromium/issues/detail?id=132156>] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team. - [$1000] [132779<https://code.google.com/p/chromium/issues/detail?id=132779>] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. - [$500] [127417<https://code.google.com/p/chromium/issues/detail?id=127417>] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire. - [64-bit Linux only] [$3000] [129930<https://code.google.com/p/chromium/issues/detail?id=129930>] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.
bugbot adjusting priority
openSUSE-SU-2012:0813-1: An update that fixes 15 vulnerabilities is now available. Category: security (moderate) Bug References: 769181 CVE References: CVE-2012-2807,CVE-2012-2815,CVE-2012-2816,CVE-2012-2817,CVE-2012-2818,CVE-2012-2819,CVE-2012-2820,CVE-2012-2821,CVE-2012-2823,CVE-2012-2825,CVE-2012-2826,CVE-2012-2829,CVE-2012-2830,CVE-2012-2831,CVE-2012-2834 Sources used: openSUSE 12.1 (src): chromium-22.0.1190.0-1.26.2, v8-3.12.5.0-1.30.1
released