Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 491326 (CVE-2013-6632) - <www-client/chromium-31.0.1650.57 : Multiple Memory Corruption Vulnerabilities (CVE-2013-{6632,6802})
Summary: <www-client/chromium-31.0.1650.57 : Multiple Memory Corruption Vulnerabilitie...
Status: RESOLVED FIXED
Alias: CVE-2013-6632
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-15 13:33 UTC by Agostino Sarubbo
Modified: 2014-03-05 11:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-11-15 13:33:26 UTC
Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to some unspecified errors and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 31.0.1650.57 running on Windows, Mac, Linux, and Chrome Frame.


Solution:
Update to version 31.0.1650.57.
Comment 1 Mike Gilbert gentoo-dev 2013-11-15 16:45:24 UTC
I am still waiting for a source tarball to be posted upstream.
Comment 2 Mike Gilbert gentoo-dev 2013-11-16 03:46:40 UTC
Ok, I rolled my own tarball. Please stabilize on amd64 and x86.

=www-client/chromium-31.0.1650.57
Comment 3 Agostino Sarubbo gentoo-dev 2013-11-16 08:38:27 UTC
amd64 stable
x86 stable

Security please file the request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-19 04:15:27 UTC
CVE-2013-6802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802):
  Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended
  sandbox restrictions by leveraging access to a renderer process, as
  demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different
  vulnerability than CVE-2013-6632.

CVE-2013-6632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632):
  Integer overflow in Google Chrome before 31.0.1650.57 allows remote
  attackers to execute arbitrary code or cause a denial of service (memory
  corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own
  competition at PacSec 2013.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-01-14 00:46:02 UTC
Added to existing GLSA Draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:29 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).