Mandriva Advisories

Package name: chromium
Date: November 16th, 2006
Advisory ID: MDKSA-2006:213
Affected versions: CS3.0, 2007.0
Synopsis: Updated chromium packages to fix embedded libpng vulnerabilities

Problem Description

Chromium is an OpenGL-based shoot 'em up game with fine graphics. It
is built with a private copy of libpng, and as such could be
susceptible to some of the same vulnerabilities:

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

In addition, a patch to address several old vulnerabilities has been
applied to this build. (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599)

Packages have been patched to correct these issues.

Updated Packages

Corporate Server 3.0

 69ca9e0a4887c915bc283164b763b054  corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm
 4ca444ca9edb34229f0d1449f2e4d82f  corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm 
 5007614bdfc283a0f5bb854955606ed1  corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 96a4f2c6ba97c16d04f816656a88d674  corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm
 5b229452f499143e5d1dd73420d120aa  corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm 
 5007614bdfc283a0f5bb854955606ed1  corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

Mandriva Linux 2007

 7d7fd24f8be5c881673c11ed7fdda1d0  2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm
 6175ab1df71466a69049dbda899c7c4b  2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm 
 4dda1bbb70cce5cb6f1112995992ee1e  2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 c2b87550ef24da183d0fe78e850080b5  2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm
 91e024a81f7ff04e49f429259feaf4cd  2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm 
 4dda1bbb70cce5cb6f1112995992ee1e  2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
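
A manual equivalent of the two checks described above, as an added example that is not part of the original advisory and is not Mandriva's tooling: it compares downloaded RPMs against the MD5 lines listed under Updated Packages, then runs the advisory's rpm --checksig command on them. The function names, the saved manifest file and the download directory are assumptions, and md5sum from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example (not Mandriva's tooling). Usage: sh verify.sh MANIFEST DIR
# MANIFEST: the "Updated Packages" section saved as text. DIR: downloaded RPMs.

# Print the MD5 hex digest of a file (assumes coreutils md5sum is installed).
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# Compare each "<md5>  <path>" manifest line with the same-named file in DIR.
# Headings and blank lines are ignored; packages for other architectures that
# were not downloaded are skipped. Returns 0 only if at least one file was
# checked and none mismatched.
check_md5() {
    manifest=$1; dir=$2; checked=0; bad=0
    while read -r sum path || [ -n "$sum" ]; do
        case $sum in ''|*[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        file=$dir/$(basename "$path")
        [ -f "$file" ] || continue
        checked=$((checked + 1))
        if [ "$(md5_of "$file")" = "$sum" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file"; bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# The advisory's own command: digest and GPG signature check by rpm. Requires
# the Mandriva Security Team public key to be imported already.
check_sig() {
    for pkg in "$@"; do
        rpm --checksig "$pkg" || return 1
    done
}

if [ $# -eq 2 ]; then
    check_md5 "$1" "$2" && check_sig "$2"/*.rpm
fi
```

The MD5 comparison only shows that a download matches the advisory text; the GPG signature check is what ties the package to the Mandriva Security Team key.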