| Summary: | chromium-browser-stable new security issues fixed in 29.0.1547.57 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/564817/ | ||
| Whiteboard: | MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | chromium-browser-stable-28.0.1500.95-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-08-21 16:42:43 CEST
David Walser
2013-08-21 16:42:50 CEST
Whiteboard:
(none) =>
MGA3TOO, MGA2TOO Debian has issued an advisory for this on August 25: http://www.debian.org/security/2013/dsa-2741 URL:
(none) =>
http://lwn.net/Vulnerabilities/564817/ The stable channel has been upated to 29.0.1547.65: http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html D Morgan uploaded 29.0.1547.72 to Cauldron, which is actually older: http://src.chromium.org/viewvc/chrome/releases/ This should probably be reverted. Updated packages uploaded for Mageia 2, Mageia 3, and Cauldron. Note: Mageia 3 includes a tainted build. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: The chrome 29 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2887). Krystian Bigaj discovered a file handling path sanitization issue (CVE-2013-2900). Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer (CVE-2013-2901). cloudfuzzer discovered a use-after-free issue in XSLT (CVE-2013-2902). cloudfuzzer discovered a use-after-free issue in HTMLMediaElement (CVE-2013-2903). cloudfuzzer discovered a use-after-free issue in XML document parsing (CVE-2013-2904). Christian Jaeger discovered an information leak due to insufficient file permissions (CVE-2013-2905). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2905 http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html http://googlechromereleases.blogspot.com/2013/09/stable-channel-update.html http://www.debian.org/security/2013/dsa-2741 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-29.0.1547.65-1.mga2 chromium-browser-29.0.1547.65-1.mga2 chromium-browser-stable-29.0.1547.65-1.mga3 chromium-browser-29.0.1547.65-1.mga3 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-29.0.1547.65-1.mga3 chromium-browser-29.0.1547.65-1.mga3 from SRPMS: chromium-browser-stable-29.0.1547.65-1.mga2.src.rpm chromium-browser-stable-29.0.1547.65-1.mga3.src.rpm Version:
Cauldron =>
3 Advisory 11049.adv committed to svn. CC:
(none) =>
davidwhodgins Added the srpm chromium-browser-stable-29.0.1547.65-1.mga3.tainted to the advisory. Testing complete Mageia 2 and 3, i586 and x86_64, including tainted on Mageia 3. Someone from the sysadmin team please push 11049.adv to updates. Keywords:
(none) =>
validated_update http://advisories.mageia.org/MGASA-2013-0278.html Status:
NEW =>
RESOLVED
Nicolas Vigier
2014-05-08 18:06:39 CEST
CC:
boklm =>
(none) |