advisories/10353.adv

type: security
subject: Updated chromium-browser-stable packages fixes security vulnerabilities
CVE:
 - CVE-2013-2837
 - CVE-2013-2838
 - CVE-2013-2839
 - CVE-2013-2840
 - CVE-2013-2841
 - CVE-2013-2842
 - CVE-2013-2843
 - CVE-2013-2844
 - CVE-2013-2845
 - CVE-2013-2846
 - CVE-2013-2847
 - CVE-2013-2848
 - CVE-2013-2849
 - CVE-2013-2855
 - CVE-2013-2856
 - CVE-2013-2857
 - CVE-2013-2858
 - CVE-2013-2859
 - CVE-2013-2860
 - CVE-2013-2861
 - CVE-2013-2862
 - CVE-2013-2863
 - CVE-2013-2865
src:
  2:
   core:
     - chromium-browser-stable-28.0.1500.45-1.mga2
  3:
   core:
     - chromium-browser-stable-28.0.1500.45-1.mga3
description: |
  Use-after-free vulnerability in the SVG implementation allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2837).
  
  Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers
  to cause a denial of service (out-of-bounds read) via unspecified vectors
  (CVE-2013-2838).
  
  Chromium before 27.0.1453.93 does not properly perform a cast of an
  unspecified variable during handling of clipboard data, which allows remote
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2839).
  
  Use-after-free vulnerability in the media loader in Chromium before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2840).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of Pepper resources
  (CVE-2013-2841).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of widgets (CVE-2013-2842).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of speech data (CVE-2013-2843).
  
  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Chromium before 27.0.1453.93 allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via
  vectors related to style resolution (CVE-2013-2844).
  
  The Web Audio implementation in Google Chrome before 27.0.1453.93 allows
  remote attackers to cause a denial of service (memory corruption) or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2845).
  
  Use-after-free vulnerability in the media loader in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2846).
  
  Race condition in the workers implementation in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service
  (use-after-free and application crash) or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2847).
  
  The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote
  attackers to obtain sensitive information via unspecified vectors
  (CVE-2013-2848).
  
  Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before
  27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web
  script or HTML via vectors involving a (1) drag-and-drop or
  (2) copy-and-paste operation (CVE-2013-2849).
  
  The Developer Tools API in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service (memory corruption) or possibly have
  unspecified other impact via unknown vectors (CVE-2013-2855).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of input (CVE-2013-2856).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of images (CVE-2013-2857).
  
  Use-after-free vulnerability in the HTML5 Audio implementation in Chromium
  before 27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2858).
  
  Chromium before 27.0.1453.110 allows remote attackers to bypass the Same
  Origin Policy and trigger namespace pollution via unspecified vectors
  (CVE-2013-2859).
  
  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors involving access to a database API by a worker process
  (CVE-2013-2860).
  
  Use-after-free vulnerability in the SVG implementation in Chromium before
  27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2861).
  
  Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU
  acceleration, which allows remote attackers to cause a denial of service
  (memory corruption) or possibly have unspecified other impact via unknown
  vectors (CVE-2013-2862).
  
  Chromium before 27.0.1453.110 does not properly handle SSL sockets, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors (CVE-2013-2863).
  
  Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2865).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10353
 - http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
 - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
 - http://www.debian.org/security/2013/dsa-2695
 - http://www.debian.org/security/2013/dsa-2706
ID: MGASA-2013-0194
1	type: security
2	subject: Updated chromium-browser-stable packages fixes security vulnerabilities
3	CVE:
4	- CVE-2013-2837
5	- CVE-2013-2838
6	- CVE-2013-2839
7	- CVE-2013-2840
8	- CVE-2013-2841
9	- CVE-2013-2842
10	- CVE-2013-2843
11	- CVE-2013-2844
12	- CVE-2013-2845
13	- CVE-2013-2846
14	- CVE-2013-2847
15	- CVE-2013-2848
16	- CVE-2013-2849
17	- CVE-2013-2855
18	- CVE-2013-2856
19	- CVE-2013-2857
20	- CVE-2013-2858
21	- CVE-2013-2859
22	- CVE-2013-2860
23	- CVE-2013-2861
24	- CVE-2013-2862
25	- CVE-2013-2863
26	- CVE-2013-2865
27	src:
28	2:
29	core:
30	- chromium-browser-stable-28.0.1500.45-1.mga2
31	3:
32	core:
33	- chromium-browser-stable-28.0.1500.45-1.mga3
34	description: \|
35	Use-after-free vulnerability in the SVG implementation allows remote
36	attackers to cause a denial of service or possibly have unspecified other
37	impact via unknown vectors (CVE-2013-2837).
38
39	Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers
40	to cause a denial of service (out-of-bounds read) via unspecified vectors
41	(CVE-2013-2838).
42
43	Chromium before 27.0.1453.93 does not properly perform a cast of an
44	unspecified variable during handling of clipboard data, which allows remote
45	attackers to cause a denial of service or possibly have other impact via
46	unknown vectors (CVE-2013-2839).
47
48	Use-after-free vulnerability in the media loader in Chromium before
49	27.0.1453.93 allows remote attackers to cause a denial of service or possibly
50	have unspecified other impact via unknown vectors (CVE-2013-2840).
51
52	Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
53	attackers to cause a denial of service or possibly have unspecified other
54	impact via vectors related to the handling of Pepper resources
55	(CVE-2013-2841).
56
57	Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
58	attackers to cause a denial of service or possibly have unspecified other
59	impact via vectors related to the handling of widgets (CVE-2013-2842).
60
61	Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
62	attackers to cause a denial of service or possibly have unspecified other
63	impact via vectors related to the handling of speech data (CVE-2013-2843).
64
65	Use-after-free vulnerability in the Cascading Style Sheets (CSS)
66	implementation in Chromium before 27.0.1453.93 allows remote attackers to
67	cause a denial of service or possibly have unspecified other impact via
68	vectors related to style resolution (CVE-2013-2844).
69
70	The Web Audio implementation in Google Chrome before 27.0.1453.93 allows
71	remote attackers to cause a denial of service (memory corruption) or possibly
72	have unspecified other impact via unknown vectors (CVE-2013-2845).
73
74	Use-after-free vulnerability in the media loader in Google Chrome before
75	27.0.1453.93 allows remote attackers to cause a denial of service or possibly
76	have unspecified other impact via unknown vectors (CVE-2013-2846).
77
78	Race condition in the workers implementation in Google Chrome before
79	27.0.1453.93 allows remote attackers to cause a denial of service
80	(use-after-free and application crash) or possibly have unspecified other
81	impact via unknown vectors (CVE-2013-2847).
82
83	The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote
84	attackers to obtain sensitive information via unspecified vectors
85	(CVE-2013-2848).
86
87	Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before
88	27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web
89	script or HTML via vectors involving a (1) drag-and-drop or
90	(2) copy-and-paste operation (CVE-2013-2849).
91
92	The Developer Tools API in Chromium before 27.0.1453.110 allows remote
93	attackers to cause a denial of service (memory corruption) or possibly have
94	unspecified other impact via unknown vectors (CVE-2013-2855).
95
96	Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
97	attackers to cause a denial of service or possibly have unspecified other
98	impact via vectors related to the handling of input (CVE-2013-2856).
99
100	Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
101	attackers to cause a denial of service or possibly have unspecified other
102	impact via vectors related to the handling of images (CVE-2013-2857).
103
104	Use-after-free vulnerability in the HTML5 Audio implementation in Chromium
105	before 27.0.1453.110 allows remote attackers to cause a denial of service or
106	possibly have unspecified other impact via unknown vectors (CVE-2013-2858).
107
108	Chromium before 27.0.1453.110 allows remote attackers to bypass the Same
109	Origin Policy and trigger namespace pollution via unspecified vectors
110	(CVE-2013-2859).
111
112	Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
113	attackers to cause a denial of service or possibly have unspecified other
114	impact via vectors involving access to a database API by a worker process
115	(CVE-2013-2860).
116
117	Use-after-free vulnerability in the SVG implementation in Chromium before
118	27.0.1453.110 allows remote attackers to cause a denial of service or
119	possibly have unspecified other impact via unknown vectors (CVE-2013-2861).
120
121	Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU
122	acceleration, which allows remote attackers to cause a denial of service
123	(memory corruption) or possibly have unspecified other impact via unknown
124	vectors (CVE-2013-2862).
125
126	Chromium before 27.0.1453.110 does not properly handle SSL sockets, which
127	allows remote attackers to execute arbitrary code or cause a denial of
128	service (memory corruption) via unspecified vectors (CVE-2013-2863).
129
130	Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow
131	attackers to cause a denial of service or possibly have other impact via
132	unknown vectors (CVE-2013-2865).
133	references:
134	- https://bugs.mageia.org/show_bug.cgi?id=10353
135	- http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
136	- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
137	- http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
138	- http://www.debian.org/security/2013/dsa-2695
139	- http://www.debian.org/security/2013/dsa-2706
140	ID: MGASA-2013-0194