Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 17 Oct 2013Modification date: 21 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2906 , CVE-2013-2907 , CVE-2013-2908 , CVE-2013-2909 , CVE-2013-2910 , CVE-2013-2911 , CVE-2013-2912 , CVE-2013-2913 , CVE-2013-2914 , CVE-2013-2915 , CVE-2013-2916 , CVE-2013-2917 , CVE-2013-2918 , CVE-2013-2919 , CVE-2013-2920 , CVE-2013-2921 , CVE-2013-2922 , CVE-2013-2923 , CVE-2013-2924
Description
This updates chromium-browser to the latest stable version, fixing
multiple security vulnerabilities.
Security fixes:
CVE-2013-2906: Races in Web Audio
CVE-2013-2907: Out of bounds read in Window.prototype object
CVE-2013-2908: Address bar spoofing related to the "204 No Content"
status code
CVE-2013-2909: Use after free in inline-block rendering
CVE-2013-2910: Use-after-free in Web Audio
CVE-2013-2911: Use-after-free in XSLT
CVE-2013-2912: Use-after-free in PPAPI
CVE-2013-2913: Use-after-free in XML document parsing
CVE-2013-2914: Use after free in the Windows color chooser dialog
CVE-2013-2915: Address bar spoofing via a malformed scheme
CVE-2013-2916: Address bar spoofing related to the "204 No Content"
status code
CVE-2013-2917: Out of bounds read in Web Audio
CVE-2013-2918: Use-after-free in DOM
CVE-2013-2919: Memory corruption in V8
CVE-2013-2920: Out of bounds read in URL parsing
CVE-2013-2921: Use-after-free in resource loader
CVE-2013-2922: Use-after-free in template element
CVE-2013-2923: Various fixes from internal audits, fuzzing and other
initiatives
CVE-2013-2924: Use-after-free in ICU. Upstream bug
References
- http://googlechromereleases.blogspot.ro/2013/10/stable-channel-update.html
- https://bugs.mageia.org/show_bug.cgi?id=11361
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
SRPMS
2/core
- chromium-browser-stable-30.0.1599.66-1.mga2
3/core
- chromium-browser-stable-30.0.1599.66-1.mga3
3/tainted
- chromium-browser-stable-30.0.1599.66-1.mga3.tainted