FreeBSD : chromium -- multiple vulnerabilities (209c068d-28be-11e2-9160-00262d5ed8ee)

High Nessus Plugin ID 62856

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.

[Linux 64-bit only] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.

[143761] High CVE-2012-5116: Use-after-free in SVG filter handling.
Credit to miaubiz.

[Mac OS only] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.

[154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.

[145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Grobert of the Google Security Team.

[149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.

[154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).

[154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia.
Credit to Google Chrome Security Team (Inferno).

[155323] High CVE-2012-5124: Memory corruption in texture handling.
Credit to Al Patrick of the Chromium development community.

[156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.

[156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).

[157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?bdc75d6a

http://www.nessus.org/u?5531bcaa

Plugin Details

Severity: High

ID: 62856

File Name: freebsd_pkg_209c068d28be11e2916000262d5ed8ee.nasl

Version: Revision: 1.3

Type: local

Published: 2012/11/08

Updated: 2016/05/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/11/07

Vulnerability Publication Date: 2012/11/06

Reference Information

CVE: CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5120, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128