LinuxSecurity.com
Debian: 2785-1: chromium-browser: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
-------------------------------------------------------------------------
Debian Security Advisory DSA-2785-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
October 26, 2013                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2906 CVE-2013-2907 CVE-2013-2908 CVE-2013-2909 
                 CVE-2013-2910 CVE-2013-2911 CVE-2013-2912 CVE-2013-2913
                 CVE-2013-2915 CVE-2013-2916 CVE-2013-2917 CVE-2013-2918
                 CVE-2013-2919 CVE-2013-2920 CVE-2013-2921 CVE-2013-2922
                 CVE-2013-2923 CVE-2013-2924 CVE-2013-2925 CVE-2013-2926
                 CVE-2013-2927 CVE-2013-2928

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2906

    Atte Kettunen of OUSPG discovered race conditions in Web Audio.

CVE-2013-2907

    Boris Zbarsky discovered an out-of-bounds read in window.prototype.

CVE-2013-2908

    Chamal de Silva discovered an address bar spoofing issue.

CVE-2013-2909

    Atte Kettunen of OUSPG discovered a use-after-free issue in
    inline-block.

CVE-2013-2910

    Byoungyoung Lee of the Georgia Tech Information Security Center
    discovered a use-after-free issue in Web Audio.

CVE-2013-2911

    Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT
    handling.

CVE-2013-2912

    Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a
    use-after-free issue in the Pepper Plug-in API.

CVE-2013-2913

    cloudfuzzer discovered a use-after-free issue in Blink's XML
    document parsing.

CVE-2013-2915

    Wander Groeneveld discovered an address bar spoofing issue.

CVE-2013-2916

    Masato Kinugawa discovered an address bar spoofing issue.

CVE-2013-2917

    Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read
    issue in Web Audio.

CVE-2013-2918

    Byoungyoung Lee discovered an out-of-bounds read in Blink's DOM
    implementation.

CVE-2013-2919

    Adam Haile of Concrete Data discovered a memory corruption issue
    in the V8 JavaScript library.

CVE-2013-2920

    Atte Kettunen of OUSPG discovered an out-of-bounds read in URL
    host resolving.

CVE-2013-2921

    Byoungyoung Lee and Tielei Wang discovered a use-after-free issue
    in resource loading.

CVE-2013-2922

    Jon Butler discovered a use-after-free issue in Blink's HTML
    template element implementation.

CVE-2013-2924

    A use-after-free issue was discovered in the International
    Components for Unicode (ICU) library. 

CVE-2013-2925

    Atte Kettunen of OUSPG discovered a use-after-free issue in Blink's
    XML HTTP request implementation.

CVE-2013-2926

    cloudfuzzer discovered a use-after-free issue in the list indenting
    implementation.

CVE-2013-2927

    cloudfuzzer discovered a use-after-free issue in the HTML form
    submission implementation. 

CVE-2013-2923 and CVE-2013-2928

    The chrome 30 development team found various issues from internal
    fuzzing, audits, and other studies. 

For the stable distribution (wheezy), these problems have been fixed in
version 30.0.1599.101-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 30.0.1599.101-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org