Bug 488148 (CVE-2013-2925)

Summary: <www-client/chromium-30.0.1599.101 use after free in various modules (CVE-2013-{2925,2926,2927,2928})
Product: Gentoo Security
Component: Vulnerabilities
Status: RESOLVED FIXED
Severity: major
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: Mike Gilbert <floppym>
Assignee: Gentoo Security <security>
CC: chromium
URL: http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2013-10-16 00:16:57 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-10-16 00:18:27 UTC
Please stabilize on amd64 and x86.

=dev-lang/v8-3.20.17.15
=www-client/chromium-30.0.1599.101
Comment 2 Agostino Sarubbo gentoo-dev 2013-10-16 12:48:10 UTC
amd64 and x86 stable
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-10-18 13:58:48 UTC
Added to existing GLSA draft.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-10-24 00:07:50 UTC
CVE-2013-2928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928):
  Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-2927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927):
  Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission
  function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
  before 30.0.1599.101, allows remote attackers to cause a denial of service
  or possibly have unspecified other impact via vectors related to submission
  for FORM elements.

CVE-2013-2926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926):
  Use-after-free vulnerability in the
  IndentOutdentCommand::tryIndentingAsListItem function in
  core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome
  before 30.0.1599.101, allows user-assisted remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors
  related to list elements.

CVE-2013-2925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925):
  Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as
  used in Google Chrome before 30.0.1599.101, allows remote attackers to cause
  a denial of service or possibly have unspecified other impact via vectors
  that trigger multiple conflicting uses of the same XMLHttpRequest object.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:26 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).