lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VpVUb-0008Ic-4D@alpha.psidef.org>
Date: Sat, 07 Dec 2013 22:57:17 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2811-1] chromium-browser security
	update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2811-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
December 07, 2013                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637 
                 CVE-2013-6638 CVE-2013-6639 CVE-2013-6640

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6634

    Andrey Labunets discovered that the wrong URL was used during
    validation in the one-click sign on helper.

CVE-2013-6635

    cloudfuzzer discovered use-after-free issues in the InsertHTML and
    Indent DOM editing commands.

CVE-2013-6636

    Bas Venis discovered an address bar spoofing issue.

CVE-2013-6637

    The chrome 31 development team discovered and fixed multiple issues
    with potential security impact.

CVE-2013-6638

    Jakob Kummerow of the Chromium project discoved a buffer overflow in
    the v8 javascript library.

CVE-2013-6639

    Jakob Kummerow of the Chromium project discoved an out-of-bounds
    write in the v8 javascript library.

CVE-2013-6640

    Jakob Kummerow of the Chromium project discoved an out-of-bounds
    read in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in
version 31.0.1650.63-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 31.0.1650.63-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQQcBAEBCgAGBQJSo+2XAAoJELjWss0C1vRzcIcf/0IeLihtqzUhizWyxZEDPlEq
ZWfz1Vjo42ZqDJDacvh5HqdLARgVXsiRhJFqmcuThOxJGWR961zJEBCVa0uXbqpN
TuRI+YY7viTyrBXCa29RX9cB/EADmkqeFswMb1RpcgbmxJaSoOUU0bdqX2fOrN8E
yDTwSe//XQRinGuajNiBO1sWyGmRzquZnZwgmWL37raqg8eLKhHvYeuL+TQvVQwi
9/orPVoMELNDKrlupWFXChZSvc8kUuXAuBk0UI4OlTupsscsiaEWOdcPRssTwIO+
Zk9j7XS1OxZAcHD4iO8BeiGJjjymUvcqB7w8dv/S/2ehAYlptab0QNzsG//FTKGa
UuNgzD2d8ntMcXSXdcs2BqmWYFF2CI1hQYgCdSUGAp5nRjp8Y3TV+VykmgzjzMHN
nOIEXOHSsagMbn1pfmEn8mYv/Hkz38f04LStchD62Mvb9QHXQNtr9TOiJ3wbz3UI
wNN1faGePKz6bO3X2tSQboWmKjOfDL5XBJC27Jovpbyqk8zDA5ConHshkxSL7SPX
2MjMjbSUO1rpjehA1PLuruOwVQd1uRL/IgEhAqMWlXcwFI3Lo8C3pZfRHuuTQpJx
zUbVq6Kr88EoXfF7P6KnYd10C8mOwMu6Hj5iB/go7gOEiXrqGVa2KlVTVhVege9P
WDFweF5dYYhZ1kAB5nxzza5KZJtXX9aFkAK1fmyEc7CwyRB19r+Sm3TQwstgoF0t
0CPCwqQJNG2kLsir4nnB6mcJX9pkwX469qSeWul+3pp5026KmVGXhGtk7pcdIN7j
Qyav6UD2bywqt+5RaIIp+hygo1ZOkJ0bhni4PUK1IdCwC3aZqf1pukguBDy7zZb7
UqEzRyoaLgH0S0tmGnvFj/gRWMzkyxXLS/U84d/rBLVV61Irig/4G+gNlAaF2t1p
aSluBs5OOuGmyYNzQgs8jNmGdUR4Rx4l7a0Nol9jw8nwMMTjp7VQRUB4uMEWVOQ1
4ooAJ2ne3vqupJ1E21zk71d24+4MYrr/B2mXYQ0GsaDU+0bnODiEbKsliGwoRQGq
2ZXDzL+0SDLossIPYLWTx1s+DChrzoEVdp6n/3z6uul9/AzNc6U2FsCU1XAh3G/+
7LDqBIcnRX/fQ9p1yxPwo16kko5mJQlKkqgI9IDpNM/Lg7FCVl4+yE7uqR1B1fsc
WJN+t0M9uEO6EMO4pK/c91Xna2JP7xVcqsaCf1QI3WhNQnHoGzSX7E/BZYDkUmlR
kdkBp6F4izLt3hrz0qaVgIrslrPNwHphMOIlX/TzPMhY6etqQLQ8GXIS7SbqgG53
yWLQbsqo+1/d5QtTox5JfPFFTRCLKJGP8UrHjN7ZMmlBnTuZ5jR0oO+ITube2pM=
=5Qyo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ