Message-ID: <51fc4361.ZV0jqT/omLoOTmW2%mgilbert@debian.org>
Date: Fri, 02 Aug 2013 19:40:17 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2732-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2732-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
July 31, 2013                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 
                 CVE-2013-2885 CVE-2013-2886

Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2881

    Karthik Bhargavan discovered a way to bypass the Same Origin Policy
    in frame handling.

CVE-2013-2882

    Cloudfuzzer discovered a type confusion issue in the V8 JavaScript
    library.

CVE-2013-2883

    Cloudfuzzer discovered a use-after-free issue in MutationObserver.

CVE-2013-2884

    Ivan Fratric of the Google Security Team discovered a use-after-free
    issue in the DOM implementation.

CVE-2013-2885

    Ivan Fratric of the Google Security Team discovered a use-after-free
    issue in input handling.

CVE-2013-2886

    The Chrome 28 development team found various issues from internal
    fuzzing, audits, and other studies.

For the stable distribution (wheezy), these problems have been fixed in
version 28.0.1500.95-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 28.0.1500.95-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
