Summary: | <www-client/chromium-25.0.1364.152 multiple vulnerabilities (CVE-2013-{0902,0903,0904,0905,0906,0907,0908,0909,0910,0911}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2013-03-04 19:15:39 UTC
Let's use bundled libsrtp (for bug #459932) for this version bump if possible. Will do. I'm getting a build failure due to a missing asm file. yasm: FATAL: unable to open include file `third_party/x86inc/x86inc.asm' Can you take a peek and see if there is anything special I need to do, other than excluding it from the bundled library purge? (In reply to comment #2) > yasm: FATAL: unable to open include file `third_party/x86inc/x86inc.asm' Let's just add it to exclusion list, I think that's what is done for more recent chromium ebuilds. Please stabilize: =www-client/chromium-25.0.1364.152 amd64 stable x86 stable CVE-2013-0911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911): Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases. CVE-2013-0910 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910): Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in. CVE-2013-0909 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909): The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. CVE-2013-0908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908): Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors. CVE-2013-0907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907): Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads. CVE-2013-0906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906): The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2013-0905 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905): Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation. CVE-2013-0904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904): The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2013-0903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903): Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation. CVE-2013-0902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902): Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Added to existing GLSA draft. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |