/[advisories]/10353.adv
ViewVC logotype

Contents of /10353.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 123 - (show annotations) (download)
Mon Jul 1 19:12:53 2013 UTC (4 years, 3 months ago) by boklm
File size: 6274 byte(s)
MGASA-2013-0194
1 type: security
2 subject: Updated chromium-browser-stable packages fixes security vulnerabilities
3 CVE:
4 - CVE-2013-2837
5 - CVE-2013-2838
6 - CVE-2013-2839
7 - CVE-2013-2840
8 - CVE-2013-2841
9 - CVE-2013-2842
10 - CVE-2013-2843
11 - CVE-2013-2844
12 - CVE-2013-2845
13 - CVE-2013-2846
14 - CVE-2013-2847
15 - CVE-2013-2848
16 - CVE-2013-2849
17 - CVE-2013-2855
18 - CVE-2013-2856
19 - CVE-2013-2857
20 - CVE-2013-2858
21 - CVE-2013-2859
22 - CVE-2013-2860
23 - CVE-2013-2861
24 - CVE-2013-2862
25 - CVE-2013-2863
26 - CVE-2013-2865
27 src:
28 2:
29 core:
30 - chromium-browser-stable-28.0.1500.45-1.mga2
31 3:
32 core:
33 - chromium-browser-stable-28.0.1500.45-1.mga3
34 description: |
35 Use-after-free vulnerability in the SVG implementation allows remote
36 attackers to cause a denial of service or possibly have unspecified other
37 impact via unknown vectors (CVE-2013-2837).
38
39 Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers
40 to cause a denial of service (out-of-bounds read) via unspecified vectors
41 (CVE-2013-2838).
42
43 Chromium before 27.0.1453.93 does not properly perform a cast of an
44 unspecified variable during handling of clipboard data, which allows remote
45 attackers to cause a denial of service or possibly have other impact via
46 unknown vectors (CVE-2013-2839).
47
48 Use-after-free vulnerability in the media loader in Chromium before
49 27.0.1453.93 allows remote attackers to cause a denial of service or possibly
50 have unspecified other impact via unknown vectors (CVE-2013-2840).
51
52 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
53 attackers to cause a denial of service or possibly have unspecified other
54 impact via vectors related to the handling of Pepper resources
55 (CVE-2013-2841).
56
57 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
58 attackers to cause a denial of service or possibly have unspecified other
59 impact via vectors related to the handling of widgets (CVE-2013-2842).
60
61 Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
62 attackers to cause a denial of service or possibly have unspecified other
63 impact via vectors related to the handling of speech data (CVE-2013-2843).
64
65 Use-after-free vulnerability in the Cascading Style Sheets (CSS)
66 implementation in Chromium before 27.0.1453.93 allows remote attackers to
67 cause a denial of service or possibly have unspecified other impact via
68 vectors related to style resolution (CVE-2013-2844).
69
70 The Web Audio implementation in Google Chrome before 27.0.1453.93 allows
71 remote attackers to cause a denial of service (memory corruption) or possibly
72 have unspecified other impact via unknown vectors (CVE-2013-2845).
73
74 Use-after-free vulnerability in the media loader in Google Chrome before
75 27.0.1453.93 allows remote attackers to cause a denial of service or possibly
76 have unspecified other impact via unknown vectors (CVE-2013-2846).
77
78 Race condition in the workers implementation in Google Chrome before
79 27.0.1453.93 allows remote attackers to cause a denial of service
80 (use-after-free and application crash) or possibly have unspecified other
81 impact via unknown vectors (CVE-2013-2847).
82
83 The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote
84 attackers to obtain sensitive information via unspecified vectors
85 (CVE-2013-2848).
86
87 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before
88 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web
89 script or HTML via vectors involving a (1) drag-and-drop or
90 (2) copy-and-paste operation (CVE-2013-2849).
91
92 The Developer Tools API in Chromium before 27.0.1453.110 allows remote
93 attackers to cause a denial of service (memory corruption) or possibly have
94 unspecified other impact via unknown vectors (CVE-2013-2855).
95
96 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
97 attackers to cause a denial of service or possibly have unspecified other
98 impact via vectors related to the handling of input (CVE-2013-2856).
99
100 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
101 attackers to cause a denial of service or possibly have unspecified other
102 impact via vectors related to the handling of images (CVE-2013-2857).
103
104 Use-after-free vulnerability in the HTML5 Audio implementation in Chromium
105 before 27.0.1453.110 allows remote attackers to cause a denial of service or
106 possibly have unspecified other impact via unknown vectors (CVE-2013-2858).
107
108 Chromium before 27.0.1453.110 allows remote attackers to bypass the Same
109 Origin Policy and trigger namespace pollution via unspecified vectors
110 (CVE-2013-2859).
111
112 Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
113 attackers to cause a denial of service or possibly have unspecified other
114 impact via vectors involving access to a database API by a worker process
115 (CVE-2013-2860).
116
117 Use-after-free vulnerability in the SVG implementation in Chromium before
118 27.0.1453.110 allows remote attackers to cause a denial of service or
119 possibly have unspecified other impact via unknown vectors (CVE-2013-2861).
120
121 Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU
122 acceleration, which allows remote attackers to cause a denial of service
123 (memory corruption) or possibly have unspecified other impact via unknown
124 vectors (CVE-2013-2862).
125
126 Chromium before 27.0.1453.110 does not properly handle SSL sockets, which
127 allows remote attackers to execute arbitrary code or cause a denial of
128 service (memory corruption) via unspecified vectors (CVE-2013-2863).
129
130 Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow
131 attackers to cause a denial of service or possibly have other impact via
132 unknown vectors (CVE-2013-2865).
133 references:
134 - https://bugs.mageia.org/show_bug.cgi?id=10353
135 - http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
136 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
137 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
138 - http://www.debian.org/security/2013/dsa-2695
139 - http://www.debian.org/security/2013/dsa-2706
140 ID: MGASA-2013-0194

  ViewVC Help
Powered by ViewVC 1.1.26