Advisories ยป MGASA-2013-0306

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 17 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2906 , CVE-2013-2907 , CVE-2013-2908 , CVE-2013-2909 , CVE-2013-2910 , CVE-2013-2911 , CVE-2013-2912 , CVE-2013-2913 , CVE-2013-2914 , CVE-2013-2915 , CVE-2013-2916 , CVE-2013-2917 , CVE-2013-2918 , CVE-2013-2919 , CVE-2013-2920 , CVE-2013-2921 , CVE-2013-2922 , CVE-2013-2923 , CVE-2013-2924

Description

This updates chromium-browser to the latest stable version, fixing
multiple security vulnerabilities.

Security fixes:
CVE-2013-2906: Races in Web Audio
CVE-2013-2907: Out of bounds read in Window.prototype object
CVE-2013-2908: Address bar spoofing related to the "204 No Content"
               status code
CVE-2013-2909: Use after free in inline-block rendering
CVE-2013-2910: Use-after-free in Web Audio
CVE-2013-2911: Use-after-free in XSLT
CVE-2013-2912: Use-after-free in PPAPI
CVE-2013-2913: Use-after-free in XML document parsing
CVE-2013-2914: Use after free in the Windows color chooser dialog
CVE-2013-2915: Address bar spoofing via a malformed scheme
CVE-2013-2916: Address bar spoofing related to the "204 No Content"
               status code
CVE-2013-2917: Out of bounds read in Web Audio
CVE-2013-2918: Use-after-free in DOM
CVE-2013-2919: Memory corruption in V8
CVE-2013-2920: Out of bounds read in URL parsing
CVE-2013-2921: Use-after-free in resource loader
CVE-2013-2922: Use-after-free in template element
CVE-2013-2923: Various fixes from internal audits, fuzzing and other
               initiatives
CVE-2013-2924: Use-after-free in ICU. Upstream bug
                

References

SRPMS

3/core

3/tainted

2/core