
Bug 481990 (CVE-2013-2887)

Summary: <www-client/chromium-29.0.1457.57 multiple vulnerabilities (CVE-2013-{2887,2900,2901,2902,2903,2904,2905})
Product: Gentoo Security
Component: Vulnerabilities
Status: RESOLVED FIXED
Severity: major
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: Mike Gilbert <floppym>
Assignee: Gentoo Security <security>
CC: ago, chromium
URL: http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2013-08-21 16:00:59 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-08-21 16:03:41 UTC
Please stabilize on amd64 and x86.

=dev-lang/v8-3.19.18.19
=www-client/chromium-29.0.1547.57
Comment 2 Agostino Sarubbo gentoo-dev 2013-08-21 21:39:54 UTC
x86 stable
Comment 3 Sergey Popov gentoo-dev Security 2013-08-22 08:21:20 UTC
Thanks for your work.

New GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 02:13:08 UTC
CVE-2013-2905 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905):
  The SharedMemory::Create function in memory/shared_memory_posix.cc in Google
  Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which
  allows attackers to obtain sensitive information via direct access to a
  POSIX shared-memory file.

CVE-2013-2904 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904):
  Use-after-free vulnerability in the Document::finishedParsing function in
  core/dom/Document.cpp in Blink, as used in Google Chrome before
  29.0.1547.57, allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via an onload event that changes an
  IFRAME element so that its src attribute is no longer an XML document,
  leading to unintended garbage collection of this document.

CVE-2013-2903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903):
  Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument
  function in core/html/HTMLMediaElement.cpp in Blink, as used in Google
  Chrome before 29.0.1547.57, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors involving
  moving a (1) AUDIO or (2) VIDEO element between documents.

CVE-2013-2902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902):
  Use-after-free vulnerability in the XSLT ProcessingInstruction
  implementation in Blink, as used in Google Chrome before 29.0.1547.57,
  allows remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors related to an applyXSLTransform call
  involving (1) an HTML document or (2) an xsl:processing-instruction element
  that is still in the process of loading.

CVE-2013-2901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901):
  Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2)
  libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine
  (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors.

CVE-2013-2900 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900):
  The FilePath::ReferencesParent function in files/file_path.cc in Google
  Chrome before 29.0.1547.57 on Windows does not properly handle pathname
  components composed entirely of . (dot) and whitespace characters, which
  allows remote attackers to conduct directory traversal attacks via a crafted
  directory name.

CVE-2013-2887 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887):
  Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.
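
Added example, not part of the bug report and not Chromium's code: a parent-reference check of the kind the CVE-2013-2900 entry above describes, shown in a naive form next to a conservative one. The function names and the policy (any component made up only of dots and whitespace that contains `..` counts as a parent reference) are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helpers for illustration; not Chromium's FilePath API.
// Split on both separators that Windows accepts.
static std::vector<std::string> SplitComponents(const std::string& path) {
  std::vector<std::string> parts;
  std::string cur;
  for (char c : path) {
    if (c == '/' || c == '\\') {
      if (!cur.empty()) parts.push_back(cur);
      cur.clear();
    } else {
      cur.push_back(c);
    }
  }
  if (!cur.empty()) parts.push_back(cur);
  return parts;
}

// Naive check: only an exact ".." component is a parent reference.
bool NaiveReferencesParent(const std::string& path) {
  for (const std::string& part : SplitComponents(path))
    if (part == "..") return true;
  return false;
}

// Conservative check (assumed policy): a component consisting only of dots
// and whitespace that contains ".." anywhere is treated as a parent reference.
bool StrictReferencesParent(const std::string& path) {
  for (const std::string& part : SplitComponents(path)) {
    bool only_dots_ws = part.find_first_not_of(". \t") == std::string::npos;
    if (only_dots_ws && part.find("..") != std::string::npos) return true;
  }
  return false;
}

int main() {
  // Constructed sample paths, not taken from the bug report.
  const char* samples[] = {"a/../b", "a/.. /b", "a\\ ..\\b", "a/..b/c"};
  for (const char* s : samples)
    std::cout << '"' << s << "\" naive=" << NaiveReferencesParent(s)
              << " strict=" << StrictReferencesParent(s) << '\n';
  return 0;
}
```

The name `..b` in the last sample is an ordinary file name, so neither check flags it; the two checks differ only on components padded with whitespace.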
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 00:10:55 UTC
This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).