| Summary: | <www-client/chromium-24.0.1312.56 multiple vulnerabilities (CVE-2013-{0839,0840,0841,0842}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | chromium |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Mike Gilbert
2013-01-23 01:54:42 UTC
Please stabilize: =www-client/chromium-24.0.1312.56 CVE-2013-0843 is mac-only x86 stable Adding to existing GLSA draft. CVE-2013-0842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842): Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. CVE-2013-0841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841): Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-0840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840): Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. CVE-2013-0839 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839): Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |
