Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 472350 - <www-client/chromium-27.0.1453.110 multiple vulnerabilities (CVE-2013-{2855,2856,2857,2858,2859,2860,2861,2862,2863,2864,2865})
Summary: <www-client/chromium-27.0.1453.110 multiple vulnerabilities (CVE-2013-{2855,2...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-04 23:26 UTC by Mike Gilbert
Modified: 2013-09-25 00:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2013-06-04 23:26:50 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2013-06-05 00:37:08 UTC
Please stabilize.

=www-client/chromium-27.0.1453.110
Comment 2 Agostino Sarubbo gentoo-dev 2013-06-05 09:22:53 UTC
x86 stable
Comment 3 Richard Freeman gentoo-dev 2013-06-05 17:54:12 UTC
Ago didn't mention it, but amd64 is stable as well.  That's everything for the security team.
Comment 4 Sergey Popov gentoo-dev Security 2013-08-22 08:33:10 UTC
Thanks for your work

Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 18:30:13 UTC
CVE-2013-2865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865):
  Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-2864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2864):
  The PDF functionality in Google Chrome before 27.0.1453.110 allows remote
  attackers to cause a denial of service (invalid free operation) or possibly
  have unspecified other impact via unknown vectors.

CVE-2013-2863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863):
  Google Chrome before 27.0.1453.110 does not properly handle SSL sockets,
  which allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors.

CVE-2013-2862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862):
  Skia, as used in Google Chrome before 27.0.1453.110, does not properly
  handle GPU acceleration, which allows remote attackers to cause a denial of
  service (memory corruption) or possibly have unspecified other impact via
  unknown vectors.

CVE-2013-2861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861):
  Use-after-free vulnerability in the SVG implementation in Google Chrome
  before 27.0.1453.110 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via unknown vectors.

CVE-2013-2860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860):
  Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors involving access to a database API by a worker
  process.

CVE-2013-2859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859):
  Google Chrome before 27.0.1453.110 allows remote attackers to bypass the
  Same Origin Policy and trigger namespace pollution via unspecified vectors.

CVE-2013-2858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858):
  Use-after-free vulnerability in the HTML5 Audio implementation in Google
  Chrome before 27.0.1453.110 allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via unknown vectors.

CVE-2013-2857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857):
  Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to the handling of images.

CVE-2013-2856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856):
  Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to the handling of input.

CVE-2013-2855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855):
  The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote
  attackers to cause a denial of service (memory corruption) or possibly have
  unspecified other impact via unknown vectors.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-09-25 00:10:49 UTC
This issue was resolved and addressed in
 GLSA 201309-16 at http://security.gentoo.org/glsa/glsa-201309-16.xml
by GLSA coordinator Sean Amoss (ackle).