CERT RENATER
Nous contacter
- Mail : cert@support.renater.fr
- Web : Pages du CERT
- Tél : 01.53.94.20.44
- Fax : 01.53.94.20.31
==================================================================== CERT-Renater Note d'Information No. 2011/VULN632 _____________________________________________________________________ DATE : 16/11/2011 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Google Chrome Stable channel versions prior to 15.0.874.120. ====================================================================== http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html ______________________________________________________________________ Stable Channel Update Thursday, November 10, 2011 | 07:30 Labels: Stable updates The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms All Updated V8 - 3.5.10.23 Fix small print sizing issues (issues: 102186, 82472, 102154) This new build also contains a new version of Flash which contains security fixes. (Release Notes) Mac Fixed the "certificate is not yet valid" error for server certificate issued by a VeriSign intermediate CA. (issue 101555) Security fixes and rewards: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community. [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans). The bugs [100465], [100492], [100543] and [101458] were detected using AddressSanitizer. Full details about what changes have been made in this release are available in the SVN revisions log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug. Karen Grunberg Google Chrome ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + ========================================================= [An attachment of type application/pkcs7-signature was included here]