Annotation of /10353.adv

Revision 123
Mon Jul 1 19:12:53 2013 UTC (10 years, 10 months ago) by boklm
File size: 6274 byte(s)
MGASA-2013-0194
# annotation: davidwhodgins, revision 110
type: security
subject: Updated chromium-browser-stable packages fixes security vulnerabilities
CVE:
  - CVE-2013-2837
  - CVE-2013-2838
  - CVE-2013-2839
  - CVE-2013-2840
  - CVE-2013-2841
  - CVE-2013-2842
  - CVE-2013-2843
  - CVE-2013-2844
  - CVE-2013-2845
  - CVE-2013-2846
  - CVE-2013-2847
  - CVE-2013-2848
  - CVE-2013-2849
  - CVE-2013-2855
  - CVE-2013-2856
  - CVE-2013-2857
  - CVE-2013-2858
  - CVE-2013-2859
  - CVE-2013-2860
  - CVE-2013-2861
  - CVE-2013-2862
  - CVE-2013-2863
  - CVE-2013-2865
src:
  2:
    core:
      - chromium-browser-stable-28.0.1500.45-1.mga2
  3:
    core:
      - chromium-browser-stable-28.0.1500.45-1.mga3
description: |
  Use-after-free vulnerability in the SVG implementation allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2837).

  Google V8, as used in Chromium before 27.0.1453.93, allows remote attackers
  to cause a denial of service (out-of-bounds read) via unspecified vectors
  (CVE-2013-2838).

  Chromium before 27.0.1453.93 does not properly perform a cast of an
  unspecified variable during handling of clipboard data, which allows remote
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2839).

  Use-after-free vulnerability in the media loader in Chromium before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2840).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of Pepper resources
  (CVE-2013-2841).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of widgets (CVE-2013-2842).

  Use-after-free vulnerability in Chromium before 27.0.1453.93 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of speech data (CVE-2013-2843).

  Use-after-free vulnerability in the Cascading Style Sheets (CSS)
  implementation in Chromium before 27.0.1453.93 allows remote attackers to
  cause a denial of service or possibly have unspecified other impact via
  vectors related to style resolution (CVE-2013-2844).

  The Web Audio implementation in Google Chrome before 27.0.1453.93 allows
  remote attackers to cause a denial of service (memory corruption) or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2845).

  Use-after-free vulnerability in the media loader in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service or possibly
  have unspecified other impact via unknown vectors (CVE-2013-2846).

  Race condition in the workers implementation in Google Chrome before
  27.0.1453.93 allows remote attackers to cause a denial of service
  (use-after-free and application crash) or possibly have unspecified other
  impact via unknown vectors (CVE-2013-2847).

  The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote
  attackers to obtain sensitive information via unspecified vectors
  (CVE-2013-2848).

  Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before
  27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web
  script or HTML via vectors involving a (1) drag-and-drop or
  (2) copy-and-paste operation (CVE-2013-2849).

  The Developer Tools API in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service (memory corruption) or possibly have
  unspecified other impact via unknown vectors (CVE-2013-2855).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of input (CVE-2013-2856).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors related to the handling of images (CVE-2013-2857).

  Use-after-free vulnerability in the HTML5 Audio implementation in Chromium
  before 27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2858).

  Chromium before 27.0.1453.110 allows remote attackers to bypass the Same
  Origin Policy and trigger namespace pollution via unspecified vectors
  (CVE-2013-2859).

  Use-after-free vulnerability in Chromium before 27.0.1453.110 allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via vectors involving access to a database API by a worker process
  (CVE-2013-2860).

  Use-after-free vulnerability in the SVG implementation in Chromium before
  27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors (CVE-2013-2861).

  Skia, as used in Chromium before 27.0.1453.110, does not properly handle GPU
  acceleration, which allows remote attackers to cause a denial of service
  (memory corruption) or possibly have unspecified other impact via unknown
  vectors (CVE-2013-2862).

  Chromium before 27.0.1453.110 does not properly handle SSL sockets, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors (CVE-2013-2863).

  Multiple unspecified vulnerabilities in Chromium before 27.0.1453.110 allow
  attackers to cause a denial of service or possibly have other impact via
  unknown vectors (CVE-2013-2865).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=10353
  - http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
  - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html
  - http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_17.html
  - http://www.debian.org/security/2013/dsa-2695
  - http://www.debian.org/security/2013/dsa-2706
# annotation: boklm, revision 123
ID: MGASA-2013-0194
