MDKSA-2006:213

Package name

chromium

Date

2006-11-16

Advisory ID

MDKSA-2006:213

Affected versions

CS3.0 i586 , CS3.0 x86_64 , 2007.0 x86_64 , 2007.0 i586

Problem description

Chromium is an OpenGL-based shoot them up game with fine graphics. It
is built with a private copy of libpng, and as such could be
susceptible to some of the same vulnerabilities:

Buffer overflow in the png_decompress_chunk function in pngrutil.c in
libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the
"chunk_name". (CVE-2006-3334)

It is questionable whether this issue is actually exploitable, but the
patch to correct the issue has been included in versions < 1.2.12.

In addition, an patch to address several old vulnerabilities has been
applied to this build. (CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599)

Packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 69ca9e0a4887c915bc283164b763b054  corporate/3.0/i586/chromium-0.9.12-21.1.C30mdk.i586.rpm
 4ca444ca9edb34229f0d1449f2e4d82f  corporate/3.0/i586/chromium-setup-0.9.12-21.1.C30mdk.i586.rpm 
 5007614bdfc283a0f5bb854955606ed1  corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

CS3.0 x86_64

 96a4f2c6ba97c16d04f816656a88d674  corporate/3.0/x86_64/chromium-0.9.12-21.1.C30mdk.x86_64.rpm
 5b229452f499143e5d1dd73420d120aa  corporate/3.0/x86_64/chromium-setup-0.9.12-21.1.C30mdk.x86_64.rpm 
 5007614bdfc283a0f5bb854955606ed1  corporate/3.0/SRPMS/chromium-0.9.12-21.1.C30mdk.src.rpm

2007.0 x86_64

 c2b87550ef24da183d0fe78e850080b5  2007.0/x86_64/chromium-0.9.12-25.1mdv2007.0.x86_64.rpm
 91e024a81f7ff04e49f429259feaf4cd  2007.0/x86_64/chromium-setup-0.9.12-25.1mdv2007.0.x86_64.rpm 
 4dda1bbb70cce5cb6f1112995992ee1e  2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

2007.0 i586

 7d7fd24f8be5c881673c11ed7fdda1d0  2007.0/i586/chromium-0.9.12-25.1mdv2007.0.i586.rpm
 6175ab1df71466a69049dbda899c7c4b  2007.0/i586/chromium-setup-0.9.12-25.1mdv2007.0.i586.rpm 
 4dda1bbb70cce5cb6f1112995992ee1e  2007.0/SRPMS/chromium-0.9.12-25.1mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334