Summary: | <www-client/chromium-27.0.1453.110 multiple vulnerabilities (CVE-2013-{2855,2856,2857,2858,2859,2860,2861,2862,2863,2864,2865}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mike Gilbert <floppym> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Mike Gilbert
2013-06-04 23:26:50 UTC
Please stabilize. =www-client/chromium-27.0.1453.110 x86 stable Ago didn't mention it, but amd64 is stable as well. That's everything for the security team. Thanks for your work Added to existing GLSA draft CVE-2013-2865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865): Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2864): The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. CVE-2013-2863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863): Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2013-2862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862): Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2013-2861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861): Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-2860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860): Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. CVE-2013-2859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859): Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. CVE-2013-2858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858): Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2013-2857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857): Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. CVE-2013-2856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856): Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. CVE-2013-2855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855): The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. This issue was resolved and addressed in GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml by GLSA coordinator Sean Amoss (ackle). |