ID

VAR-201210-0149

CVE

CVE-2012-5112

TITLE

Used in multiple products WebKit Vulnerable to arbitrary code execution

DESCRIPTION

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, and write to arbitrary local files in context of an unsuspecting user running the affected application; other attacks are also possible. Versions prior to Chrome 22.0.1229.94 are vulnerable. Google Chrome is a web browser developed by Google (Google). ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Two Vulnerabilities SECUNIA ADVISORY ID: SA50954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50954 RELEASE DATE: 2012-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/50954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) A use-after-free error in Webkit's SVG (Scalable Vector Graphics) functionality can be exploited to dereference already freed memory. 2) An unspecified error in the IPC (Inter-Process Communication) layer can be exploited to write arbitrary files and escape the Chrome sandbox. PROVIDED AND/OR DISCOVERED BY: The vendor credits Pinkie Pie. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html Pwnium 2 results and wrap-up: http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For OS X Mountain Lion systems Safari 6.0.2 is available via Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-1 iOS 6.0.1 iOS 6.0.1 is now available and addresses the following: Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to access Passbook passes without entering a passcode Description: A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes. CVE-ID CVE-2012-3750 : Anton Tsviatkou WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays. CVE-ID CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling. CVE-ID CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQkZabAAoJEPefwLHPlZEwr00P/204OjJMiHe2I/bhwLanLfxw NEm7Ds0rBTZo7pA2mjeabUO1QpjeIZptMxtAD3p769KVd+eF9NO8ap3OaKzzhb2B uKvaiyLRcUG0mQh87e0K9hiZdU6N8yyBpoodK4/7vJFVDqxqlanmS/ewIPtG+a4L aIZcuy7ats8djpTd2tjVUGHhvtkX5exzU8+/F+ajISYMxQqYa26sAvAobJTvQWAx v9fanfgpE+hVXSH879yJlHIh7H64YhA8M+qQEzW2fz/YRXP/YC2tlFxvVUzB5Lyj uR2ER9MLi02rbJQbYzMEooWq2niPlh+c2LG+5KAqCGUGHWomTbeWui/yS27uQLrJ sbkpkaZuJPL5d1Mn9x70hlWyB6jpbfwsBw+H9XPYtHk1YhslYofNCdShJc8RNtME NSXjU2MBnga1KcQI9Kyyt6OfmGYqRKWqcX+xPuPhKdTCM3S4c6M1UgiVJgeQh5+f Wu87jgZ45CSiu28M2XN6wNKJflhrGpxBYdIGJHsYxu9lfh3WUFpr14NFpe//MChS Xhtiq9Neo+UqcYH1xV40FESHRy3iSe3jj2kJceUxvu0juLEdkYZu4aVp+2nCQokl akQ7iOvcE4l42LpO9GiVfo2PgtyH4vq5gyzpWRWtjhi3F6HDWY3yFBciYlzy0qsu am5QBITYy5QuxM/Pg+MO =eLYi -----END PGP SIGNATURE----- . In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning. CVE-ID CVE-2012-2824 : miaubiz CVE-2012-2857 : Arthur Gerkis CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0951 : Apple CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team CVE-2013-0955 : Apple CVE-2013-0956 : Apple Product Security CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0960 : Apple CVE-2013-0961 : wushi of team509 working with iDefense VCP CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP TippingPoint's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP TippingPoint's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP TippingPoint's Zero Day Initiative CVE-2013-1000 : Fermin J. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201210-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: October 21, 2012 Bugs: #433551, #436234, #437664, #437984 ID: 201210-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 22.0.1229.94 >= 22.0.1229.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-22.0.1229.94" References ========== [ 1 ] CVE-2012-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859 [ 2 ] CVE-2012-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860 [ 3 ] CVE-2012-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865 [ 4 ] CVE-2012-2866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866 [ 5 ] CVE-2012-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867 [ 6 ] CVE-2012-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868 [ 7 ] CVE-2012-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869 [ 8 ] CVE-2012-2872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872 [ 9 ] CVE-2012-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874 [ 10 ] CVE-2012-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876 [ 11 ] CVE-2012-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877 [ 12 ] CVE-2012-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878 [ 13 ] CVE-2012-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879 [ 14 ] CVE-2012-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880 [ 15 ] CVE-2012-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881 [ 16 ] CVE-2012-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882 [ 17 ] CVE-2012-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883 [ 18 ] CVE-2012-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884 [ 19 ] CVE-2012-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885 [ 20 ] CVE-2012-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886 [ 21 ] CVE-2012-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887 [ 22 ] CVE-2012-2888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888 [ 23 ] CVE-2012-2889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889 [ 24 ] CVE-2012-2891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891 [ 25 ] CVE-2012-2892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892 [ 26 ] CVE-2012-2894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894 [ 27 ] CVE-2012-2896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896 [ 28 ] CVE-2012-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900 [ 29 ] CVE-2012-5108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108 [ 30 ] CVE-2012-5110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110 [ 31 ] CVE-2012-5111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111 [ 32 ] CVE-2012-5112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112 [ 33 ] CVE-2012-5376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376 [ 34 ] Release Notes 21.0.1180.89 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30= .html [ 35 ] Release Notes 22.0.1229.79 http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25= .html [ 36 ] Release Notes 22.0.1229.92 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.ht= ml [ 37 ] Release Notes 22.0.1229.94 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_61= 05.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201210-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Pinkie Pie

SOURCES

LAST UPDATE DATE

2024-11-23T20:06:44.384000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE