(CVE-2012-2842) <chromium-browser-20.0.1132.57 : use-after-free vulnerability (CVE-2012-{2842,2843,2844})

Bug #1025111 reported by Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Gentoo Linux | Fix Released | Medium | |
chromium-browser (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

The Stable channel has been updated to 20.0.1132.57 for Windows, Mac, Linux, and Chrome Frame. Along with the below-mentioned security fixes, this build contains an update to Flash player, v8 (3.10.8.20) and a couple of stability/bug fixes.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1000] [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz.
[$1000] [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz.
[133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google.

http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html

In , Mike Gilbert (floppym) wrote :

Release notes in URL.

In , Mike Gilbert (floppym) wrote :

Let's stabilize it.

=dev-lang/v8-3.10.8.20
=www-client/chromium-20.0.1132.57

In , Rich0 (rich0) wrote :

amd64 stable

Karma Dorje (taaroa)
summary: (CVE-2012-2842) <www-client/chromium-20.0.1132.57 : use-after-free
- vulnerability (CVE-2012-{2842,2843})
+ vulnerability (CVE-2012-{2842,2843,2844})
description: updated
visibility: private → public
Karma Dorje (taaroa)
summary: - (CVE-2012-2842) <www-client/chromium-20.0.1132.57 : use-after-free
+ (CVE-2012-2842) <chromium-browser-20.0.1132.57 : use-after-free
vulnerability (CVE-2012-{2842,2843,2844})
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in chromium-browser (Ubuntu):
status: New → Incomplete
Changed in libv8 (Ubuntu):
status: New → Incomplete
Karma Dorje (taaroa)
description: updated
no longer affects: libv8 (Ubuntu)
Changed in gentoo:
importance: Unknown → Medium
In , Jdhore (jdhore) wrote :

x86 stable

In , Glsamaker (glsamaker) wrote :

CVE-2012-2843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2843):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to layout height tracking.

CVE-2012-2842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2842):
  Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to counter handling.

In , Ackle (ackle) wrote :

Thanks, everyone. GLSA draft is ready and needs 1 more approval.

Karma Dorje (taaroa)
Changed in chromium-browser (Ubuntu):
status: Incomplete → Confirmed
In , Glsamaker (glsamaker) wrote :

This issue was resolved and addressed in
 GLSA 201208-03 at http://security.gentoo.org/glsa/glsa-201208-03.xml
by GLSA coordinator Sean Amoss (ackle).

Changed in gentoo:
status: Unknown → Fix Released
Dmitry Shachnev (mitya57) wrote :

https://launchpad.net/ubuntu/+source/chromium-browser/22.0.1229.79~r158531-0ubuntu1

chromium-browser (22.0.1229.79~r158531-0ubuntu1) quantal-proposed; urgency=low

  * New upstream release from the Stable Channel
  * debian/control
    - fixed typo in description for chromium-codecs-ffmpeg
  * debian/patches/fix-armhf-ftbfs.patch
    - Dropped, no longer needed
  * debian/chromium-browser.install
    - Install demo extension
  * debian/rules
    - Updated INSTALL_EXCLUDE_FILES
    - build with gcc 4.7
  * debian/patches/1-infobars.patch,
    debian/patches/2-get-domain-tld.patch,
    debian/patches/3-chrome-xid.patch,
    debian/patches/4-chromeless-window-launch-option.patch,
    debian/patches/5-desktop-integration-settings.patch,
    debian/patches/fix-1034541.patch
    - Updated for v22
  * debian/patches/6-passwordless-install-support.patch
    - Webapp package installation (LP: #1059460)
  * debian/patches/7-plugin-status.patch
    - Don't block npapi plugins on linux, which is required by
      unity-chromium-extension

 -- Ken VanDine <email address hidden> Fri, 12 Oct 2012 09:31:11 -0400

Changed in chromium-browser (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
