lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VDhDT-0004Sn-Gd@alpha.psidef.org>
Date: Sun, 25 Aug 2013 16:47:19 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2741-1] chromium-browser security
	update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2741-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
August 25, 2013                        http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902
                 CVE-2013-2903 CVE-2013-2904 CVE-2013-2905

Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2887

    The chrome 29 development team found various issues from internal
    fuzzing, audits, and other studies.

CVE-2013-2900

    Krystian Bigaj discovered a file handling path sanitization issue.

CVE-2013-2901

    Alex Chapman discovered an integer overflow issue in ANGLE, the
    Almost Native Graphics Layer.

CVE-2013-2902

    cloudfuzzer discovered a use-after-free issue in XSLT.

CVE-2013-2903

    cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

CVE-2013-2904

    cloudfuzzer discovered a use-after-free issue in XML document
    parsing.

CVE-2013-2905

    Christian Jaeger discovered an information leak due to insufficient
    file permissions.

For the stable distribution (wheezy), these problems have been fixed in
version 29.0.1547.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 29.0.1547.57-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQQcBAEBCgAGBQJSGm5GAAoJELjWss0C1vRzPeQf/RRCxx42uQSyFbV5PPEZgrcw
/pD1tgiM3RIPEQhPlzG6tAXEAV8F44bOeT1XUjUAW5+tfDd+nTrv9kKVQbq5Bt21
zBKBSv5ukZ00pesctK1c1Xmeyg1MkujhC7IOId9yGV1CVXUox0Me8J+FOCBWLtUg
KccHpeh/DkK2/S23Avjc4WysjlPyMWB3aulxZ1BhY2MqOgL1IstlpoDIZB5KO7s3
AiTRdwSH0YXMmjLkvyx8Kdy+rGr2bixameEJp0CO68XWRXd5TF9E/JBgyNi7yW9V
XiPmnjsO39ZXVRAZ5zOkLjC9ZCh9zcYoPEFOl4ZazF+XA8bs0eZtwgLCIFAJbA66
8lT4dGYuXEWPIClNS9UJOO+OoNemYfHFHfJ6zjolijNopsotaFSLLf09JB6aEdBh
D0ag8WZCgQr945wfr4FfrfZ5YJ9m1duUZvhnkJRoQHfPL0EaDEfMkfOTSmIGg/ku
XcWRTgVu/uvqnyz2132j1NHNuScWFVV7YDB2UY/UtfjX0f+3h2xC2DFmOnIuOIBh
4C95GlCXDcAWaxVxByzJMKQaYGuPdc+nbnA2IpAUc+Ge7dXu/MVx8QQgQHqwmNd+
8bfCuwSZz7VrMRflJ1of4fxZB71RGbxvWSYFf64KmHCYY6bwLKCWJ3s4WSBQTpdt
1q6IqhNvKqAqdHam1w4BmJ6yyAPJ+U/JKZZLzat1d/AE4D6p01lS9GfY4ewNyQhf
fQYuNwwzWZScYgtXmOD29QfAagzL3JhxGoc3eKbnwfp7z5DbaUxnj8NSxyRCO1qg
oTyOmialp+7u8rF9es6TaG8ddEklN3hZ5is92qWcydXhBrLakbGMDHu0uVZai1pe
sM3BiogPOwks3gIyLyH5q4+tsEU9hxSZgymLYnlz4lkyFs8Dpd/ZhYX52btcVneG
xIx9GnmwpYKQAV6g0mwHaL+0IXj5RfrKCMpmqHCzDWGxZ7lFilmRKIJmyrI02LN0
eQ6HUreYyphev8yZa69OSJwUnWy88WSxX2PH/oKy+tP9XoYLwQoJjCikI21CrJj8
ydaV6wjVA474HAwTQSF9zbllLdDwfswGSJ29Qzx80Pgf7MUZuDCYVWvqMNtJ44cp
2Hyxc3d8KjPERRda62VQnVPMwhs1kEnEwWSCK8SDpI21bY0756m6GKUVLw0dBf54
mmhwPoU/cVRyHeataY1gkkDl5gAB4VE14GxipNv/ge0AJGIF2YsC6ZP2SaVMkB2x
/gBEBer1gggyTwNKb2gkalyXjXVHns1CFQKSlcEm93W3ychtVVykObRt3+cmZCUU
xOZMWWsUnwzbessCPz3B44sK+4MM9GDqAfQsvBoaU5AnYiLDBKh5KtStENoH5/0=
=ABUv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ