Security Information / 2013 / Security Information -- DSA-2741-1 chromium-browser

Debian Security Advisory

DSA-2741-1 chromium-browser -- several vulnerabilities

Date Reported:

25 Aug 2013

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-2887, CVE-2013-2900, CVE-2013-2901, CVE-2013-2902, CVE-2013-2903, CVE-2013-2904, CVE-2013-2905.

More information:

Several vulnerabilities have been discovered in the Chromium web browser.

• CVE-2013-2887

  The chrome 29 development team found various issues from internal fuzzing, audits, and other studies.

• CVE-2013-2900

  Krystian Bigaj discovered a file handling path sanitization issue.

• CVE-2013-2901

  Alex Chapman discovered an integer overflow issue in ANGLE, the Almost Native Graphics Layer.

• CVE-2013-2902

  cloudfuzzer discovered a use-after-free issue in XSLT.

• CVE-2013-2903

  cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

• CVE-2013-2904

  cloudfuzzer discovered a use-after-free issue in XML document parsing.

• CVE-2013-2905

  Christian Jaeger discovered an information leak due to insufficient file permissions.

For the stable distribution (wheezy), these problems have been fixed in version 29.0.1547.57-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 29.0.1547.57-1.

We recommend that you upgrade your chromium-browser packages.