Back
    Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2797-1: chromium-browser security update

    Date 17 Nov 2013
    Category Debian Linux Distribution - Security Advisories
    155
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 
    
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2797-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                           Michael Gilbert
November 16, 2013                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 
                 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627
                 CVE-2013-6628 CVE-2013-6629 CVE-2013-6630 CVE-2013-6631
                 CVE-2013-6632

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2931

    The chrome 31 development team found various issues from internal
    fuzzing, audits, and other studies.

CVE-2013-6621

    Khalil Zhani discovered a use-after-free issue in speech input
    handling.

CVE-2013-6622

    cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

CVE-2013-6623

    miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG
    implementation.

CVE-2013-6624

    Jon Butler discovered a use-after-free issue in id attribute strings.

CVE-2013-6625

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
    DOM implementation.

CVE-2013-6626

    Chamal de Silva discovered an address bar spoofing issue.

CVE-2013-6627

    skylined discovered an out-of-bounds read in the HTTP stream parser.

CVE-2013-6628

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris
    discovered that a different (unverified) certificate could be used
    after successful TLS renegotiation with a valid certificate.

CVE-2013-6629

    Michal Zalewski discovered an uninitialized memory read in the
    libjpeg and libjpeg-turbo libraries.

CVE-2013-6630

    Michal Zalewski discovered another uninitialized memory read in
    the libjpeg and libjpeg-turbo libraries.

CVE-2013-6631

    Patrik Höglund discovered a use-free issue in the libjingle library.

CVE-2013-6632

    Pinkie Pie discovered multiple memory corruption issues.

For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.57-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    GNOME 3.38.2 Desktop Environment Is Out with Even More Improvements and Bug Fixes
    GNOME 3.38.2 Desktop Environment Is Out with Even More Improvements and Bug Fixes
    LibreOffice 7.1 Office Suite Enters Beta, Promises a Plethora of Improvements
    LibreOffice 7.1 Office Suite Enters Beta, Promises a Plethora of Improvements
    Best forensic and pentesting Linux distros of 2020
    Best forensic and pentesting Linux distros of 2020
    Stantinko's Linux malware now poses as an Apache web server
    Stantinko's Linux malware now poses as an Apache web server

    Advisories

    RedHat: RHSA-2020-5249:01 Moderate: security update - Red Hat Ansible Tower
    Date 30 Nov 2020 @ 04:14
    RedHat: RHSA-2020-5246:01 Important: rh-mariadb103-mariadb and
    Date 30 Nov 2020 @ 03:46
    RedHat: RHSA-2020-5237:01 Important: firefox security update
    Date 30 Nov 2020 @ 00:39
    RedHat: RHSA-2020-5234:01 Important: firefox security update
    Date 29 Nov 2020 @ 22:59

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"18","type":"x","order":"1","pct":3.5,"resources":[]},{"id":"159","title":"False","votes":"496","type":"x","order":"2","pct":96.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200
    Phishing Is The #1 Cybersecurity Threat Businesses Face

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy