Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 503372 (CVE-2013-6663) - <www-client/chromium-33.0.1750.146: multiple vulnerabilities (CVE-2013-{6663,6664,6665,6666,6667,6668})
Summary: <www-client/chromium-33.0.1750.146: multiple vulnerabilities (CVE-2013-{6663,...
Status: RESOLVED FIXED
Alias: CVE-2013-6663
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-04 02:21 UTC by Mike Gilbert
Modified: 2014-03-05 14:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2014-03-04 02:21:31 UTC
Release notes in URL.
Comment 1 Mike Gilbert gentoo-dev 2014-03-04 04:47:56 UTC
Please stabilize on amd64 and x86.

=www-client/chromium-33.0.1750.146
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-04 13:55:58 UTC
amd64/x86 stable
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-03-04 14:51:38 UTC
Maintainer(s), Thank you for work!

Added to Existing GLSA draft.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 11:23:43 UTC
This issue was resolved and addressed in
 GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-03-05 14:00:09 UTC
CVE-2013-6668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668):
  Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used
  in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of
  service or possibly have other impact via unknown vectors.

CVE-2013-6667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667):
  Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2013-6666 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666):
  The PepperFlashRendererHost::OnNavigate function in
  renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before
  33.0.1750.146 does not verify that all headers are Cross-Origin Resource
  Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate
  operation, which might allow remote attackers to bypass intended CORS
  restrictions via an inappropriate header.

CVE-2013-6665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665):
  Heap-based buffer overflow in the ResourceProvider::InitializeSoftware
  function in cc/resources/resource_provider.cc in Google Chrome before
  33.0.1750.146 allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via a large texture size that
  triggers improper memory allocation in the software renderer.

CVE-2013-6664 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664):
  Use-after-free vulnerability in the
  FormAssociatedElement::formRemovedFromTree function in
  core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome
  before 33.0.1750.146, allows remote attackers to cause a denial of service
  or possibly have unspecified other impact via vectors involving FORM
  elements, as demonstrated by use of the speech-recognition feature.

CVE-2013-6663 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663):
  Use-after-free vulnerability in the SVGImage::setContainerSize function in
  core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used
  in Google Chrome before 33.0.1750.146, allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors
  related to the resizing of a view.