Back
Linux Security
Linux Security
Linux Security

Debian: DSA-2797-1: chromium-browser security update

Date 17 Nov 2013
Category Debian Linux Distribution - Security Advisories
172
Posted By LinuxSecurity Advisories
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2797-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                           Michael Gilbert
November 16, 2013                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 
                 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627
                 CVE-2013-6628 CVE-2013-6629 CVE-2013-6630 CVE-2013-6631
                 CVE-2013-6632

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-2931

    The chrome 31 development team found various issues from internal
    fuzzing, audits, and other studies.

CVE-2013-6621

    Khalil Zhani discovered a use-after-free issue in speech input
    handling.

CVE-2013-6622

    cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

CVE-2013-6623

    miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG
    implementation.

CVE-2013-6624

    Jon Butler discovered a use-after-free issue in id attribute strings.

CVE-2013-6625

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
    DOM implementation.

CVE-2013-6626

    Chamal de Silva discovered an address bar spoofing issue.

CVE-2013-6627

    skylined discovered an out-of-bounds read in the HTTP stream parser.

CVE-2013-6628

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris
    discovered that a different (unverified) certificate could be used
    after successful TLS renegotiation with a valid certificate.

CVE-2013-6629

    Michal Zalewski discovered an uninitialized memory read in the
    libjpeg and libjpeg-turbo libraries.

CVE-2013-6630

    Michal Zalewski discovered another uninitialized memory read in
    the libjpeg and libjpeg-turbo libraries.

CVE-2013-6631

    Patrik Höglund discovered a use-free issue in the libjingle library.

CVE-2013-6632

    Pinkie Pie discovered multiple memory corruption issues.

For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.57-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

Related News

Putting an Ultra-Tiny Linux Board in a Phone Charger…Eventually
Putting an Ultra-Tiny Linux Board in a Phone Charger…Eventually
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Linux's Technical Advisory Board reports on the UMN 'Hypocrite Commits' patches
Linux's Technical Advisory Board reports on the UMN 'Hypocrite Commits' patches
The 10 Best Linux Server Distributions
The 10 Best Linux Server Distributions

Advisories

openSUSE: 2021:0688-1 moderate: syncthing
Date 08 May 2021 @ 10:15
SUSE: 2021:444-1 sles-15-sp2-chost-byos-v20210506 Security Update
Date 08 May 2021 @ 07:24
SUSE: 2021:442-1 suse-sles-15-sp2-chost-byos-v20210506-gen2 Security Update
Date 08 May 2021 @ 07:21
SUSE: 2021:150-1 suse/sles12sp5 Security Update
Date 08 May 2021 @ 00:26

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200
Phishing Is The #1 Cybersecurity Threat Businesses Face

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Our Cookie Policy