Advisories ยป MGASA-2013-0383

Updated chromium-browser-stable fixes multiple vulnerabilities

Publication date: 23 Dec 2013
Modification date: 23 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6632 , CVE-2013-6634 , CVE-2013-6635 , CVE-2013-6636 , CVE-2013-6637 , CVE-2013-6638 , CVE-2013-6639 , CVE-2013-6640

Description

Updated chromium-browser-stable packages fix security vulnerabilities:

Pinkie Pie discovered multiple memory corruption issues (CVE-2013-6632).

Andrey Labunets discovered that the wrong URL was used during validation in
the one-click sign on helper (CVE-2013-6634).

cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM
editing commands (CVE-2013-6635).

Bas Venis discovered an address bar spoofing issue (CVE-2013-6636).

The chrome 31 development team discovered and fixed multiple issues with
potential security impact (CVE-2013-6637).

Jakob Kummerow of the Chromium project discovered a buffer overflow in the v8
javascript library (CVE-2013-6638).

Jakob Kummerow of the Chromium project discovered an out-of-bounds write in
the v8 javascript library (CVE-2013-6639).

Jakob Kummerow of the Chromium project discovered an out-of-bounds read in
the v8 javascript library (CVE-2013-6640).

References

SRPMS

3/core

3/tainted