[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VDhDT-0004Sn-Gd@alpha.psidef.org>
Date: Sun, 25 Aug 2013 16:47:19 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2741-1] chromium-browser security
update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2741-1 security@...ian.org
http://www.debian.org/security/ Michael Gilbert
August 25, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902
CVE-2013-2903 CVE-2013-2904 CVE-2013-2905
Several vulnerabilities have been discovered in the Chromium web browser.
CVE-2013-2887
The chrome 29 development team found various issues from internal
fuzzing, audits, and other studies.
CVE-2013-2900
Krystian Bigaj discovered a file handling path sanitization issue.
CVE-2013-2901
Alex Chapman discovered an integer overflow issue in ANGLE, the
Almost Native Graphics Layer.
CVE-2013-2902
cloudfuzzer discovered a use-after-free issue in XSLT.
CVE-2013-2903
cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.
CVE-2013-2904
cloudfuzzer discovered a use-after-free issue in XML document
parsing.
CVE-2013-2905
Christian Jaeger discovered an information leak due to insufficient
file permissions.
For the stable distribution (wheezy), these problems have been fixed in
version 29.0.1547.57-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 29.0.1547.57-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQQcBAEBCgAGBQJSGm5GAAoJELjWss0C1vRzPeQf/RRCxx42uQSyFbV5PPEZgrcw
/pD1tgiM3RIPEQhPlzG6tAXEAV8F44bOeT1XUjUAW5+tfDd+nTrv9kKVQbq5Bt21
zBKBSv5ukZ00pesctK1c1Xmeyg1MkujhC7IOId9yGV1CVXUox0Me8J+FOCBWLtUg
KccHpeh/DkK2/S23Avjc4WysjlPyMWB3aulxZ1BhY2MqOgL1IstlpoDIZB5KO7s3
AiTRdwSH0YXMmjLkvyx8Kdy+rGr2bixameEJp0CO68XWRXd5TF9E/JBgyNi7yW9V
XiPmnjsO39ZXVRAZ5zOkLjC9ZCh9zcYoPEFOl4ZazF+XA8bs0eZtwgLCIFAJbA66
8lT4dGYuXEWPIClNS9UJOO+OoNemYfHFHfJ6zjolijNopsotaFSLLf09JB6aEdBh
D0ag8WZCgQr945wfr4FfrfZ5YJ9m1duUZvhnkJRoQHfPL0EaDEfMkfOTSmIGg/ku
XcWRTgVu/uvqnyz2132j1NHNuScWFVV7YDB2UY/UtfjX0f+3h2xC2DFmOnIuOIBh
4C95GlCXDcAWaxVxByzJMKQaYGuPdc+nbnA2IpAUc+Ge7dXu/MVx8QQgQHqwmNd+
8bfCuwSZz7VrMRflJ1of4fxZB71RGbxvWSYFf64KmHCYY6bwLKCWJ3s4WSBQTpdt
1q6IqhNvKqAqdHam1w4BmJ6yyAPJ+U/JKZZLzat1d/AE4D6p01lS9GfY4ewNyQhf
fQYuNwwzWZScYgtXmOD29QfAagzL3JhxGoc3eKbnwfp7z5DbaUxnj8NSxyRCO1qg
oTyOmialp+7u8rF9es6TaG8ddEklN3hZ5is92qWcydXhBrLakbGMDHu0uVZai1pe
sM3BiogPOwks3gIyLyH5q4+tsEU9hxSZgymLYnlz4lkyFs8Dpd/ZhYX52btcVneG
xIx9GnmwpYKQAV6g0mwHaL+0IXj5RfrKCMpmqHCzDWGxZ7lFilmRKIJmyrI02LN0
eQ6HUreYyphev8yZa69OSJwUnWy88WSxX2PH/oKy+tP9XoYLwQoJjCikI21CrJj8
ydaV6wjVA474HAwTQSF9zbllLdDwfswGSJ29Qzx80Pgf7MUZuDCYVWvqMNtJ44cp
2Hyxc3d8KjPERRda62VQnVPMwhs1kEnEwWSCK8SDpI21bY0756m6GKUVLw0dBf54
mmhwPoU/cVRyHeataY1gkkDl5gAB4VE14GxipNv/ge0AJGIF2YsC6ZP2SaVMkB2x
/gBEBer1gggyTwNKb2gkalyXjXVHns1CFQKSlcEm93W3ychtVVykObRt3+cmZCUU
xOZMWWsUnwzbessCPz3B44sK+4MM9GDqAfQsvBoaU5AnYiLDBKh5KtStENoH5/0=
=ABUv
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists