Debian Security Advisory 2724-1

Debian Security Advisory 2724-1: Posted Jul 19, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2724-1 - Several vulnerabilities have been discovered in the Chromium web browser.; tags | advisory, web, vulnerability; systems | linux, debian; advisories | CVE-2013-2853, CVE-2013-2867, CVE-2013-2868, CVE-2013-2869, CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2875, CVE-2013-2876, CVE-2013-2877, CVE-2013-2878, CVE-2013-2879, CVE-2013-2880; SHA-256 | c56abdd979ad1791b0c97f5cbfe6e0aea3eb1051cb9ca106027b3fa6fbfd6a9d; Download | Favorite | View

Debian Security Advisory 2724-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2724-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
July 17, 2013                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2853 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869
                 CVE-2013-2870 CVE-2013-2871 CVE-2013-2873 CVE-2013-2875
                 CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879
                 CVE-2013-2880

Several vulnerabilities have been discovered in the Chromium web browser.

CVE-2013-2853

    The HTTPS implementation does not ensure that headers are terminated
    by \r\n\r\n (carriage return, newline, carriage return, newline).

CVE-2013-2867

    Chrome does not properly prevent pop-under windows.

CVE-2013-2868

    common/extensions/sync_helper.cc proceeds with sync operations for
    NPAPI extensions without checking for a certain plugin permission
    setting.

CVE-2013-2869

    Denial of service (out-of-bounds read) via a crafted JPEG2000
    image.

CVE-2013-2870

    Use-after-free vulnerability in network sockets.

CVE-2013-2871

    Use-after-free vulnerability in input handling.

CVE-2013-2873

    Use-after-free vulnerability in resource loading.

CVE-2013-2875

    Out-of-bounds read in SVG file handling.

CVE-2013-2876

    Chrome does not properly enforce restrictions on the capture of
    screenshots by extensions, which could lead to information
    disclosure from previous page visits.

CVE-2013-2877

    Out-of-bounds read in XML file handling.

CVE-2013-2878

    Out-of-bounds read in text handling.

CVE-2013-2879

    The circumstances in which a renderer process can be considered a
    trusted process for sign-in and subsequent sync operations were
    not propertly checked.

CVE-2013-2880

    The chrome 28 development team found various issues from internal
    fuzzing, audits, and other studies.

For the stable distribution (wheezy), these problems have been fixed in
version 28.0.1500.71-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 28.0.1500.71-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCgAGBQJR5z1ZAAoJELjWss0C1vRzXNcgALd1S9ITVHdzvjtnyZ9j2o8c
WThFzzbsuq5NQdmvd05rgVE9DM4gZqw+iDDraeDPkNwG6u5v3DsjwQubRBCcsRT8
cPMVuV2hromqAmd5ghqbWQ4w4/I73JDJbrnGszJPL/SCKx7/6XYFl6HOgr3rNUxz
FCODDsahUPo/BJ39QImC2nLqaI0B+81CTMzna0oMRDXrAsHHo74U8o8Uf5W6W5ux
Lnxdw/mB+Ebh+2X73K4+xCHzzC5UEH7YR2VH2Ljex4D9SWdKUEk16Wb7qDXUuZ5D
Y30WQ7NRmZWfzrAHi510+I4gVyBY6F1n5wlb81jUcm6fk/Mgo17fe1DSaXn2TQf5
ikFvRaXVS+fT/RIhteyTJsGmIudFOmTt38vzH5sjMc3NV8o5EORA8GtE4q22ewiI
wyFYN4wFQgp684XHntcALnEOXGVM2Q9W+bfdqvKWQFYustzNjoHIlj0bEV1e+Ifg
2jhvE1hu5xj/UoIfUniqd1XwIx/bPMdk6Z8Ltb0D1cyHJ48H6VdAI2JQY7a3Xusq
1Aqk9DyIFdp+iR5FT+Ume03ucpwbnSx5qJxdGqb7tbmeNShY9xgyWZhRimrVt44c
hA+wqHXIBeK5Rq4+0RCfWTlTje61ZlGFzmxUVIBweFWXzHHMBDSIzMv944O6tQQx
oNHl2GinPZKs3H7ETIagV64qnB/829spKbktnBRJ4PMyOHMzVLs8r/ohL1VJMbKr
0rdnv/YHS+dMiFHI9L8S+oY/F7kkUVh+t3UvEXvMNhb9Y4xuT3jRzh89yT9btMTb
NABbqp0ADY5gVMqM8W5zfYklyD/kf+iyU233JArS6j3YZxJsZGfsUycmq118vygJ
WItOsInHTEsa53oCwMM9wrk96lFO44HqZ2ssyWK+Oi9CN8vihr10dirnk8hhXQrs
nwQiqxRUhPdVSrCYUM19k78lfPcR3fXzydiC9gPp3jD/7XxG7PWEfz4I8zVG1IFt
j/3BeWE6nJoK+G95ZrNeUdBSBdIM2JUjcFdsUJCAy+HWdOhJnRu6/CZsRjvND/H3
AATuIMBkfjj0sHeYN6MeUaaeVo3+QH3tJ+EbSiY2X8LIb97dTCa/lV0CZnA6ZpQw
IAPcfCajfPSQ0RmmwNm4bm+a+oRwalDnbjkOEWDIJmo74jpefgyDqYUVKKO8HVF0
uBsB7kvJwg6MyR6QMRj+6Ema0j5cbuXx8AVQtU2pGEqFTHTYL0DkYdojevegFqwM
giaO8ILAcR6C0BI8IrWSMde49piy4n8GHnAUhkVU5waJTiU5vTAv9yORkfFQEpfb
ZRIebEJdbxXbiyVdTVI/zmEf36kxLGUNge8sPreeQv8lGTkMxWNrPEeaDFSWk1s=
=gQNK
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 2724-1

Debian Security Advisory 2724-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2724-1

Share This

Debian Security Advisory 2724-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems