[Pkg-chromium-maint] Bug#607848: chromium-browser: CVE-2010-4574 DoS (crash), invalid pointer arithmetic in pickle.cc
Jonathan Wiltshire
jmw at debian.org
Wed Dec 22 22:57:27 UTC 2010
Package: chromium-browser
Version: 6.0.472.63~r59945-3
Severity: important
Tags: upstream patch security
The Pickle::Pickle function in base/pickle.cc in Google Chrome before
8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms
does not properly perform pointer arithmetic, which allows remote attackers
to bypass message deserialization validation, and cause a denial of service
or possibly have unspecified other impact, via invalid pickle data.
The attached patch comes from r68033 in the upstream repository and it's
issue 56449 (code review at http://codereview.chromium.org/4716006/).
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages chromium-browser depends on:
ii chromium-browser-ins 6.0.472.63~r59945-3 page inspector for the chromium-br
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libcups2 1.4.5-1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.88-2 simple interprocess messaging syst
ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event notification
ii libexpat1 2.0.1-7 XML parsing C library - runtime li
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.5-10 GCC support library
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgl1-mesa-glx [lib 7.7.1-4 A free implementation of the OpenG
ii libglewmx1.5 1.5.4-1 The OpenGL Extension Wrangler - ru
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libicu44 4.4.2-2 International Components for Unico
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-1 Network Security Service libraries
ii libpango1.0-0 1.28.3-1 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.5-10 The GNU Standard C++ Library v3
ii libv8-2.2.24 2.2.24-7 V8 JavaScript Engine
ii libvpx0 0.9.1-2 VP8 video codec (shared library)
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxml2 2.7.8.dfsg-1 GNOME XML library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxslt1.1 1.1.26-6 XSLT 1.0 processing library - runt
ii libxss1 1:1.2.1-1 X11 Screen Saver extension library
ii xdg-utils 1.0.2+cvs20100307-3 desktop integration utilities from
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
chromium-browser recommends no packages.
Versions of packages chromium-browser suggests:
ii chromium-browser-l10 6.0.472.63~r59945-3 chromium-browser language packages
-- no debconf information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20101222/4d00390a/attachment.htm>