GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities

high Nessus Plugin ID 56686
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201111-01 (Chromium, V8: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
Impact :

A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57).
A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks.
Workaround :

There is no known workaround at this time.

Solution

All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-15.0.874.102' All V8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.22'

See Also

http://www.nessus.org/u?8cdd12e7

http://www.nessus.org/u?6d45fe3d

http://www.nessus.org/u?1d9aa975

http://www.nessus.org/u?0d205a23

http://www.nessus.org/u?33508fb4

http://www.nessus.org/u?a5032235

http://www.nessus.org/u?5fef5430

http://www.nessus.org/u?65e7cd39

http://www.nessus.org/u?28c7fa49

http://www.nessus.org/u?a91c1365

http://www.nessus.org/u?84523741

http://www.nessus.org/u?b277c372

http://www.nessus.org/u?5c02fa14

http://www.nessus.org/u?02dd0c90

http://www.nessus.org/u?6e75d665

http://www.nessus.org/u?e0400292

http://www.nessus.org/u?7535a0a5

http://www.nessus.org/u?6a566189

http://www.nessus.org/u?d3b8dc2a

https://security.gentoo.org/glsa/201111-01

Plugin Details

Severity: High

ID: 56686

File Name: gentoo_GLSA-201111-01.nasl

Version: 1.16

Type: local

Published: 11/2/2011

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:chromium, p-cpe:/a:gentoo:linux:v8, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/1/2011

Vulnerability Publication Date: 6/29/2011

Reference Information

CVE: CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351, CVE-2011-2834, CVE-2011-2835, CVE-2011-2837, CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2843, CVE-2011-2844, CVE-2011-2845, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848, CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853, CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2858, CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864, CVE-2011-2874, CVE-2011-3234, CVE-2011-3873, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891

BID: 48479, 49279, 49658, 49933, 49938, 50360

GLSA: 201111-01