Updated chromium-browser-stable packages address multiple vulnerabilities
Publication date: 27 Feb 2014Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6653 , CVE-2013-6654 , CVE-2013-6655 , CVE-2013-6656 , CVE-2013-6657 , CVE-2013-6658 , CVE-2013-6659 , CVE-2013-6660 , CVE-2013-6661
Description
Use-after-free related to web contents (CVE-2013-6653).
Bad cast in SVG (CVE-2013-6654).
Use-after-free in layout (CVE-2013-6655).
Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657).
Use-after-free in layout (CVE-2013-6658).
Issue with certificates validation in TLS handshake (CVE-2013-6659).
Information leak in drag and drop (CVE-2013-6660).
Various fixes from internal audits, fuzzing and other initiatives. Of these,
seven are fixes for issues that could have allowed for sandbox escapes from
compromised renderers (CVE-2013-6661).
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
- https://bugs.mageia.org/show_bug.cgi?id=12885
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
SRPMS
3/core
- chromium-browser-stable-33.0.1750.117-1.mga3
3/tainted
- chromium-browser-stable-33.0.1750.117-1.mga3.tainted
4/core
- chromium-browser-stable-33.0.1750.117-1.mga4
4/tainted
- chromium-browser-stable-33.0.1750.117-1.mga4.tainted