CERT RENATER Advisories

Date : Wed, 16 Nov 2011 19:13:09 +0100
Type : VULN
Subject : CERT-Renater : 2011/VULN632 (Google Chrome : Stable Channel Update updated to 15.0.874.120)
====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN632
_____________________________________________________________________

DATE                : 16/11/2011

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Google Chrome Stable channel
                       versions prior to 15.0.874.120.

======================================================================
http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
______________________________________________________________________

Stable Channel Update

Thursday, November 10, 2011 | 07:30

Labels: Stable updates


The Stable channel has been updated to 15.0.874.120 for Windows, Mac,
Linux and Chrome Frame platforms.

All

    Updated V8 - 3.5.10.23
    Fix small print sizing issues (issues: 102186, 82472, 102154)
    This new build also contains a new version of Flash which contains
      security fixes. (Release Notes)

Mac

    Fixed the "certificate is not yet valid" error for server
      certificate issued by a VeriSign intermediate CA. (issue 101555)


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are
up to date with the fix.

    [$500] [100465] High CVE-2011-3892: Double free in Theora decoder.
      Credit to Aki Helin of OUSPG.
    [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads
      in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
    [101172] High CVE-2011-3894: Memory corruption regression in VP8
      decoding. Credit to Andrew Scherkus of the Chromium development
      community.
    [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis
      decoder. Credit to Aki Helin of OUSPG.
    [101624] High CVE-2011-3896: Buffer overflow in shader variable
      mapping. Credit to Ken “strcpy” Russell of the Chromium development
      community.
    [102242] High CVE-2011-3897: Use-after-free in editing. Credit to
      pa_kt reported through ZDI (ZDI-CAN-1416).
    [102461] Low CVE-2011-3898: Failure to ask for permission to run
      applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).

The bugs [100465], [100492], [100543] and [101458] were detected using
AddressSanitizer.


Full details about what changes have been made in this release are
available in the SVN revisions log. Interested in switching to another
channel?  Find out how.  If you find a new issue, please let us know by
filing a bug.



Karen Grunberg
Google Chrome


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

[An attachment of type application/pkcs7-signature was included here]