lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WF60x-0003Me-Rz@alpha.psidef.org>
Date: Sun, 16 Feb 2014 13:00:27 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2862-1] chromium-browser security
	update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
February 16, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
CVE ID         : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 
                 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2013-6641

    Atte Kettunen discovered a use-after-free issue in Blink/Webkit form
    elements.

CVE-2013-6643

    Joao Lucas Melo Brasio discovered a Google account information
    disclosure issue related to the one-click sign-on feature.

CVE-2013-6644

    The chrome development team discovered and fixed multiple issues with
    potential security impact. 

CVE-2013-6645

    Khalil Zhani discovered a use-after-free issue related to speech input.

CVE-2013-6646

    Colin Payne discovered a use-after-free issue in the web workers
    implementation. 

CVE-2013-6649

    Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
    SVG implementation.

CVE-2013-6650

    Christian Holler discovered a memory corruption in the v8 javascript
    library.

For the stable distribution (wheezy), these problems have been fixed in
version 32.0.1700.123-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 32.0.1700.123-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJTAPwuAAoJELjWss0C1vRzHu0f/i51htbha+JCafx87gIm1vU/
z2cLhHDzWEKk47Bhl8Y0BJzl5lMCwAxmBfKaHLLz2/UQvNY4Eva1Jsj0o297KX1z
qHl32L0yAblue5n+iWmccx9/vZ2d0Bj0/tYk8LGZ2W4IzzqhNbRsV2Grq14mA6N0
ne9EMmsJenir8tQBk1GD8yFA4QWStzIxGt0Mmvtt8EdE7Vwk6cBb5wProY9aFwCX
hsui4ysoZL6kZdmlN/hrrZmtA8j7Vnq8v/sgAKZgvXY/b0tBjWQOGyDdDBEECtk7
Y991Zg8IhQCBwt1euICFVKGkdAwq/6mlJAxKJEnzlvj9hw3TiWTFFSkk3fqQJkT1
T/aDoWrGUsPc0iDYo0GrFsJejLvD3jznQiWLU21b+j8GYS6gJoZJDbv8VCwoCHCn
rG+NiRoI9p1DwTWTOSs3h3ypp8On77CC0w3VsNErVv0+GMxQteo+2W85R2AxhdWH
B5RnDfxS/J6DG6dlkkjf3mkUxbT2VidT0TZMDFtqKwREiyEaXRMuUm9BmIIixO2W
nJybfpYJVKmlDsJjmMq6+1jUL1nXAm8AtbWEHS/yHapqlykOSjA2zt4UqOSaOVwz
x5ZiWB5aVf13atISUTJsv6tSZ3OnBjUzW0wHM4D+cw8DMjC9ruoqpoy3hsToCBvi
CesvjFirPNQnQQmltaNvek6lT9b1C8W5lm3IQhj9jiylAPF15Lenfk1YrxTMQ6cd
EI6mRCDCeF1gq1lRopVJkbY0AuHWRHHQpwgiyuAznY+E3iKSksAVVZVfcoO70jxY
q6Ht3lXT5g6tF5GbGE1gZAZn6rm5M3I8fRkBq/7hiKV77ex8g8EdtgvDzN0Jipea
VGL/yQo5/Bn2h+600tWurExSKNlbvUkoTL2/ORJDl79J3n6C8XSGG9I3IpAw/ncx
u26fOfxuQGw/y18QkCvW+J3s8i8v3sdn2NjDI/rS0djUGN4KTZRMFajvthYf1IJg
KhbO/d5D+iZGqNC+B5S8RnDj91xW/tL4KG3hcYlrfRH6o4F1BSeh7q/kQDpnZSNt
z6jXGl1bnPlACRDTDWSNTci2NnlVIj6qIB8V5Lf9BAEDHgQS/Gvv+hVwqJZqIiKC
gdpWEdhZEw4ExsFT8oOUqINbXIG68YujeUwC5gBXStA5YZbnJBMuVU05BOB/3Gsp
zX7W0IEUxaTrDmKqNLNilZ5soBl63Dei4hOOnsnVvBDfuO6HEJNd/kVzB5nV4yYZ
0tujnudHHdfHFVhonzrbUu75Ryk9Y36Md0+cp2n51na2BK2ljdOUUab5x3xbFTQo
PsuIbyJJIrRt+t0cu4S7X47ajZMH/cpQLJTZO0jCeWIOvlX00EyXXtDhLa+sPkA=
=yzUa
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ