
Bug 501948 (CVE-2013-6652)

Summary: <www-client/chromium-33.0.1750.117 multiple vulnerabilities (CVE-2013-{6652,6653,6654,6655,6656,6657,6658,6659,6660,6661})
Product: Gentoo Security
Reporter: Mike Gilbert <floppym>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: ago, chromium
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2014-02-21 02:18:48 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2014-02-21 03:58:10 UTC
Ok, ebuild is in the tree, but we have a couple of blockers.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-02-21 05:29:36 UTC
(In reply to Mike Gilbert from comment #1)
> Ok, ebuild is in the tree, but we have a couple of blockers.

Updated status based on that. The stabilization target is =www-client/chromium-33.0.1750.117
Comment 3 Richard Freeman gentoo-dev 2014-02-21 14:11:51 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-02-22 07:34:00 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-03-05 10:29:54 UTC
Cleanup already done. Added to existing GLSA draft.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 10:36:38 UTC
CVE-2013-6661 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661):
  Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117
  allow attackers to bypass the sandbox protection mechanism after obtaining
  renderer access, or have other impact, via unknown vectors.

CVE-2013-6660 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660):
  The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does
  not properly restrict the information in WebDropData data structures, which
  allows remote attackers to discover full pathnames via a crafted web site.

CVE-2013-6659 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659):
  The SSLClientSocketNSS::Core::OwnAuthCertHandler function in
  net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117
  does not prevent changes to server X.509 certificates during renegotiations,
  which allows remote SSL servers to trigger use of a new certificate chain,
  inconsistent with the user's expectations, by initiating a TLS
  renegotiation.

CVE-2013-6658 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658):
  Multiple use-after-free vulnerabilities in the layout implementation in
  Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors involving (1) running JavaScript code during execution of the
  updateWidgetPositions function or (2) making a call into a plugin during
  execution of the updateWidgetPositions function.

CVE-2013-6657 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657):
  core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in
  Google Chrome before 33.0.1750.117, inserts the about:blank URL during
  certain blocking of FORM elements within HTTP requests, which allows remote
  attackers to bypass the Same Origin Policy and obtain sensitive information
  via unspecified vectors.

CVE-2013-6656 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656):
  The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS
  auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes
  POST requests by using the body of a redirecting page instead of the body of
  a redirect target, which allows remote attackers to obtain sensitive
  information via unspecified vectors.

CVE-2013-6655 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655):
  Use-after-free vulnerability in Blink, as used in Google Chrome before
  33.0.1750.117, allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors related to improper
  handling of overflowchanged DOM events during interaction between JavaScript
  and layout.

CVE-2013-6654 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654):
  The SVGAnimateElement::calculateAnimatedValue function in
  core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before
  33.0.1750.117, does not properly handle unexpected data types, which allows
  remote attackers to cause a denial of service (incorrect cast) or possibly
  have unspecified other impact via unknown vectors.

CVE-2013-6653 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653):
  Use-after-free vulnerability in the web contents implementation in Google
  Chrome before 33.0.1750.117 allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors involving
  attempted conflicting access to the color chooser.

CVE-2013-6652 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652):
  Directory traversal vulnerability in
  sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before
  33.0.1750.117 on Windows allows attackers to bypass intended named-pipe
  policy restrictions in the sandbox via vectors related to (1) lack of checks
  for .. (dot dot) sequences or (2) lack of use of the \\?\ protection
  mechanism.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:40 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).