Updated chromium-browser-stable packages address multiple vulnerabilities
Publication date: 27 Feb 2014Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6653 , CVE-2013-6654 , CVE-2013-6655 , CVE-2013-6656 , CVE-2013-6657 , CVE-2013-6658 , CVE-2013-6659 , CVE-2013-6660 , CVE-2013-6661
Description
Use-after-free related to web contents (CVE-2013-6653). Bad cast in SVG (CVE-2013-6654). Use-after-free in layout (CVE-2013-6655). Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657). Use-after-free in layout (CVE-2013-6658). Issue with certificates validation in TLS handshake (CVE-2013-6659). Information leak in drag and drop (CVE-2013-6660). Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers (CVE-2013-6661).
References
- http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html
- https://bugs.mageia.org/show_bug.cgi?id=12885
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
SRPMS
3/core
- chromium-browser-stable-33.0.1750.117-1.mga3
3/tainted
- chromium-browser-stable-33.0.1750.117-1.mga3.tainted
4/core
- chromium-browser-stable-33.0.1750.117-1.mga4
4/tainted
- chromium-browser-stable-33.0.1750.117-1.mga4.tainted