type: security
subject: Updated chromium-browser-stable packages fixes security vulnerabilities
CVE:
 - CVE-2013-2837
 - CVE-2013-2838
 - CVE-2013-2839
 - CVE-2013-2840
 - CVE-2013-2841
 - CVE-2013-2842
 - CVE-2013-2843
 - CVE-2013-2844
 - CVE-2013-2845
 - CVE-2013-2846
 - CVE-2013-2847
 - CVE-2013-2848
 - CVE-2013-2849
 - CVE-2013-2855
 - CVE-2013-2856
 - CVE-2013-2857
 - CVE-2013-2858
 - CVE-2013-2859
 - CVE-2013-2860
 - CVE-2013-2861
 - CVE-2013-2862
 - CVE-2013-2863
 - CVE-2013-2865
src:
  2:
   core:
     - chromium-browser-stable-28.0.1500.45-1.mga2
  3:
   core:
     - chromium-browser-stable-28.0.1500.45-1.mga3
description: |
  Use-after-free vulnerability in the SVG implementation allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2837).

  Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers
  to cause a denial of service (out-of-bounds read) via unspecified vectors
  (CVE-2013-2838).

  Chromium before 27.0.1453.93 does not properly perform a cast of an
  unspecified variable during handling of clipboard data, which allows remote
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2839).

  Use-after-free vulnerability in the media loader in Chromium before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2840).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of Pepper resources
  (CVE-2013-2841).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of widgets (CVE-2013-2842).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of speech data (CVE-2013-2843).

  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Chromium before 27.0.1453.93 allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via
  vectors related to style resolution (CVE-2013-2844).

  The Web Audio implementation in Google Chrome before 27.0.1453.93 allows
  remote attackers to cause a denial of service (memory corruption) or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2845).

  Use-after-free vulnerability in the media loader in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2846).

  Race condition in the workers implementation in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service
  (use-after-free and application crash) or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2847).

  The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote
  attackers to obtain sensitive information via unspecified vectors
  (CVE-2013-2848).

  Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before
  27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web
  script or HTML via vectors involving a (1) drag-and-drop or
  (2) copy-and-paste operation (CVE-2013-2849).

  The Developer Tools API in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service (memory corruption) or possibly have
  unspecified other impact via unknown vectors (CVE-2013-2855).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of input (CVE-2013-2856).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of images (CVE-2013-2857).

  Use-after-free vulnerability in the HTML5 Audio implementation in Chromium
  before 27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2858).

  Chromium before 27.0.1453.110 allows remote attackers to bypass the Same
  Origin Policy and trigger namespace pollution via unspecified vectors
  (CVE-2013-2859).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors involving access to a database API by a worker process
  (CVE-2013-2860).

  Use-after-free vulnerability in the SVG implementation in Chromium before
  27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2861).

  Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU
  acceleration, which allows remote attackers to cause a denial of service
  (memory corruption) or possibly have unspecified other impact via unknown
  vectors (CVE-2013-2862).

  Chromium before 27.0.1453.110 does not properly handle SSL sockets, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors (CVE-2013-2863).

  Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2865).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10353
 - http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
 - http://www.debian.org/security/2013/dsa-2695
 - http://www.debian.org/security/2013/dsa-2706
ID: MGASA-2013-0194