Debian: DSA-2724-1: chromium-browser security update

    Date: 18 Jul 2013
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2724-1
    http://www.debian.org/security/                           Michael Gilbert
    July 17, 2013                          http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2013-2853 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869
                     CVE-2013-2870 CVE-2013-2871 CVE-2013-2873 CVE-2013-2875
                     CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879
                     CVE-2013-2880
    
    Several vulnerabilities have been discovered in the Chromium web browser.
    
    CVE-2013-2853
    
        The HTTPS implementation does not ensure that headers are terminated
        by \r\n\r\n (carriage return, newline, carriage return, newline).
    
    CVE-2013-2867
    
        Chrome does not properly prevent pop-under windows.
    
    CVE-2013-2868
    
        common/extensions/sync_helper.cc proceeds with sync operations for
        NPAPI extensions without checking for a certain plugin permission
        setting.
    
    CVE-2013-2869
    
        Denial of service (out-of-bounds read) via a crafted JPEG2000
        image.
    
    CVE-2013-2870
    
        Use-after-free vulnerability in network sockets.
    
    CVE-2013-2871
    
        Use-after-free vulnerability in input handling.
    
    CVE-2013-2873
    
        Use-after-free vulnerability in resource loading.
    
    CVE-2013-2875
    
        Out-of-bounds read in SVG file handling.
    
    CVE-2013-2876
    
        Chrome does not properly enforce restrictions on the capture of
        screenshots by extensions, which could lead to information
        disclosure from previous page visits.
    
    CVE-2013-2877
    
        Out-of-bounds read in XML file handling.
    
    CVE-2013-2878
    
        Out-of-bounds read in text handling.
    
    CVE-2013-2879
    
        The circumstances in which a renderer process can be considered a
        trusted process for sign-in and subsequent sync operations were
        not properly checked.
    
    CVE-2013-2880
    
        The Chrome 28 development team found various issues from internal
        fuzzing, audits, and other studies.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 28.0.1500.71-1~deb7u1.
    
    For the testing distribution (jessie), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 28.0.1500.71-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
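
The fixed versions listed above are ordered by dpkg's rules, in which `~` sorts before the end of the string, so `28.0.1500.71-1~deb7u1` is older than `28.0.1500.71-1` and a plain string comparison misjudges patch status. The Python below is an added example, not part of the advisory or of dpkg; `compare`, `is_patched` and the sample versions in the demo loop are names and values chosen here.

```python
import re

# Fixed versions stated in DSA-2724-1 (testing/jessie had no fixed version yet).
FIXED = {"wheezy": "28.0.1500.71-1~deb7u1", "sid": "28.0.1500.71-1"}
DIGITS = "0123456789"

def _order(ch):
    """dpkg character weight: '~' sorts before end-of-string, letters before punctuation."""
    if ch == "~":
        return -1
    if ch == "" or ch in DIGITS:
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string: non-digit runs by weight, digit runs as integers."""
    while a or b:
        while (a and a[0] not in DIGITS) or (b and b[0] not in DIGITS):
            wa, wb = _order(a[:1]), _order(b[:1])
            if wa != wb:
                return -1 if wa < wb else 1
            a, b = a[1:], b[1:]
        da, db = re.match("[0-9]*", a).group(), re.match("[0-9]*", b).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(installed, suite):
    """True when the installed chromium-browser version is at or past the suite's fixed version."""
    return compare(installed, FIXED[suite]) >= 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for ver in ("27.0.0.0-1", "28.0.1500.9-1", "28.0.1500.71-1~deb7u1"):
        print(ver, "patched" if is_patched(ver, "wheezy") else "VULNERABLE")
```

On a Debian host, `dpkg --compare-versions` performs the same comparison against the installed package version.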
    