Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 491326 (CVE-2013-6632)

Summary: <www-client/chromium-31.0.1650.57 : Multiple Memory Corruption Vulnerabilities (CVE-2013-{6632,6802})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://googlechromereleases.blogspot.it/2013/11/stable-channel-update_14.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-11-15 13:33:26 UTC 
Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to some unspecified errors and can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 31.0.1650.57 running on Windows, Mac, Linux, and Chrome Frame.


Solution:
Update to version 31.0.1650.57.
Comment 1 Mike Gilbert gentoo-dev 2013-11-15 16:45:24 UTC 
I am still waiting for a source tarball to be posted upstream.
Comment 2 Mike Gilbert gentoo-dev 2013-11-16 03:46:40 UTC 
Ok, I rolled my own tarball. Please stabilize on amd64 and x86.

=www-client/chromium-31.0.1650.57
Comment 3 Agostino Sarubbo gentoo-dev 2013-11-16 08:38:27 UTC 
amd64 stable
x86 stable

Security please file the request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-19 04:15:27 UTC 
CVE-2013-6802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802):
  Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended
  sandbox restrictions by leveraging access to a renderer process, as
  demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different
  vulnerability than CVE-2013-6632.

CVE-2013-6632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632):
  Integer overflow in Google Chrome before 31.0.1650.57 allows remote
  attackers to execute arbitrary code or cause a denial of service (memory
  corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own
  competition at PacSec 2013.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-01-14 00:46:02 UTC 
Added to existing GLSA Draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:29 UTC 
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).