Two new vulnerabilities have been identified in the Chromium browser package for the Debian operating system. Chromium is a popular open-source web browser. The flaws are caused by improper handling of errors arising from a missing character in a file extension, and by an integer overflow in the WebKit module. Remote attackers can exploit these flaws to carry out a DoS attack via a maliciously crafted extension, or to execute arbitrary code. Since an appropriate update is available, all users are advised to apply it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2192-1
http://www.debian.org/security/                         Giuseppe Iuculano
March 15, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0779 CVE-2011-1290


Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2011-0779

  Google Chrome before 9.0.597.84 does not properly handle a missing key in an
  extension, which allows remote attackers to cause a denial of service
  (application crash) via a crafted extension.

CVE-2011-1290

  Integer overflow in WebKit allows remote attackers to execute arbitrary code
  via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and
  Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.


For the stable distribution (squeeze), these problems have been fixed
in version 6.0.472.63~r59945-5+squeeze4

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed
in version 10.0.648.133~r77742-1


We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk1/lHMACgkQNxpp46476ao/EwCdFThT2dtAQ9HB8yza9Z4gIqV4
FeIAn3zISoa/86EhpLs5qjhMB9gQ6Oc0
=QJZP
-----END PGP SIGNATURE-----
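
To check a host inventory against the fixed versions named in the advisory, the following added example (not part of the advisory or of Debian's tooling) implements Debian's version ordering, where `~` sorts before everything and numeric parts compare as integers. The installed versions in the sample list are constructed; on a Debian host, `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed versions as stated in DSA-2192-1.
FIXED = {"squeeze": "6.0.472.63~r59945-5+squeeze4",
         "sid": "10.0.648.133~r77742-1"}

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "~":
        return -1  # '~' sorts before everything, even the end of the string
    # Letters sort before all other punctuation.
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    """Split into (non-digit run, number) chunks and make them comparable."""
    chunks = re.findall(r"(\D*)(\d*)", part)
    # The trailing 0 marks the end of a run, so "a~" < "a" < "ab".
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in chunks]

def version_key(version):
    """Key for [epoch:]upstream[-revision]; a missing revision counts as 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), _key(upstream), _key(revision)

def is_fixed(installed, fixed):
    """True when the installed version is at or above the fixed version."""
    return version_key(installed) >= version_key(fixed)

if __name__ == "__main__":
    # Constructed inventory: (host, release, installed chromium-browser version)
    inventory = [
        ("ws-01", "squeeze", "6.0.472.63~r59945-5+squeeze3"),
        ("ws-02", "squeeze", "6.0.472.63~r59945-5+squeeze4"),
        ("ws-03", "sid", "9.0.597.84~r72991-1"),
    ]
    for host, release, installed in inventory:
        state = "ok" if is_fixed(installed, FIXED[release]) else "NEEDS UPGRADE"
        print(f"{host} {release} {installed}: {state}")
```

A plain string comparison would rank the constructed `9.0.597.84~r72991-1` above `10.0.648.133~r77742-1`, which is why the numeric chunks are compared as integers.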

