ID de Prueba:	1.3.6.1.4.1.25623.1.0.71288
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: chromium
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: chromium CVE-2011-3057 Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. CVE-2011-3058 Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. CVE-2011-3059 Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3060 Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3061 Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. CVE-2011-3062 Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. CVE-2011-3063 Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. CVE-2011-3064 Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. CVE-2011-3065 Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. This VT has been deprecated and is therefore no longer functional. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3057 BugTraq ID: 52674 http://www.securityfocus.com/bid/52674 http://security.gentoo.org/glsa/glsa-201203-19.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14385 http://www.securitytracker.com/id?1026877 http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 XForce ISS Database: google-chrome-v8-ce(74217) https://exchange.xforce.ibmcloud.com/vulnerabilities/74217 Common Vulnerability Exposure (CVE) ID: CVE-2011-3058 http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html BugTraq ID: 52762 http://www.securityfocus.com/bid/52762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15492 XForce ISS Database: google-chrome-interaction-xss(74408) https://exchange.xforce.ibmcloud.com/vulnerabilities/74408 Common Vulnerability Exposure (CVE) ID: CVE-2011-3059 http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15200 XForce ISS Database: chrome-svg-text-code-execution(74409) https://exchange.xforce.ibmcloud.com/vulnerabilities/74409 Common Vulnerability Exposure (CVE) ID: CVE-2011-3060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15364 XForce ISS Database: chrome-text-fragment-code-exec(74410) https://exchange.xforce.ibmcloud.com/vulnerabilities/74410 Common Vulnerability Exposure (CVE) ID: CVE-2011-3061 http://osvdb.org/80739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14849 XForce ISS Database: chrome-spdy-sec-bypass(74411) https://exchange.xforce.ibmcloud.com/vulnerabilities/74411 Common Vulnerability Exposure (CVE) ID: CVE-2011-3062 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://osvdb.org/80740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 XForce ISS Database: chrome-sanitizer-code-exec(74412) https://exchange.xforce.ibmcloud.com/vulnerabilities/74412 Common Vulnerability Exposure (CVE) ID: CVE-2011-3063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226 XForce ISS Database: chrome-renderer-sec-bypass(74413) https://exchange.xforce.ibmcloud.com/vulnerabilities/74413 Common Vulnerability Exposure (CVE) ID: CVE-2011-3064 http://osvdb.org/80742 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14755 Common Vulnerability Exposure (CVE) ID: CVE-2011-3065 http://osvdb.org/80743 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415 XForce ISS Database: google-skia-code-execution(74415) https://exchange.xforce.ibmcloud.com/vulnerabilities/74415
Copyright	Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.