Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0249)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2013.0249

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2013-0249)

Zusammenfassung: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2013-0249 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2013-0249 advisory.

Vulnerability Insight:
Updated chromium-browser-stable packages fix security vulnerabilities:

Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame
handling (CVE-2013-2881).

Cloudfuzzer discovered a type confusion issue in the V8 javascript library
(CVE-2013-2882).

Cloudfuzzer discovered a use-after-free issue in MutationObserver
(CVE-2013-2883).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in
the DOM implementation (CVE-2013-2884).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in
input handling (CVE-2013-2885).

The chrome 28 development team found various issues from internal fuzzing,
audits, and other studies (CVE-2013-2886).

This update provides version 28.0.1500.95, which fixes these issues.

Additionally, Google Sync should now work (mga#9851), and playing of media
files with certain codecs, such as mp3, should now work with the tainted
build (mga#10828) in Mageia 3.

Affected Software/OS:
'chromium-browser-stable' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-2881
Debian Security Information: DSA-2732 (Google Search)
http://www.debian.org/security/2013/dsa-2732
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348
Common Vulnerability Exposure (CVE) ID: CVE-2013-2882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329
RedHat Security Advisories: RHSA-2013:1201
http://rhn.redhat.com/errata/RHSA-2013-1201.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17525
Common Vulnerability Exposure (CVE) ID: CVE-2013-2884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597
Common Vulnerability Exposure (CVE) ID: CVE-2013-2885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17672
Common Vulnerability Exposure (CVE) ID: CVE-2013-2886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17704

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0249
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0249)
Zusammenfassung:	The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2013-0249 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2013-0249 advisory. Vulnerability Insight: Updated chromium-browser-stable packages fix security vulnerabilities: Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling (CVE-2013-2881). Cloudfuzzer discovered a type confusion issue in the V8 javascript library (CVE-2013-2882). Cloudfuzzer discovered a use-after-free issue in MutationObserver (CVE-2013-2883). Ivan Fratric of the Google Security Team discovered a use-after-free issue in the DOM implementation (CVE-2013-2884). Ivan Fratric of the Google Security Team discovered a use-after-free issue in input handling (CVE-2013-2885). The chrome 28 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2886). This update provides version 28.0.1500.95, which fixes these issues. Additionally, Google Sync should now work (mga#9851), and playing of media files with certain codecs, such as mp3, should now work with the tainted build (mga#10828) in Mageia 3. Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2881 Debian Security Information: DSA-2732 (Google Search) http://www.debian.org/security/2013/dsa-2732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348 Common Vulnerability Exposure (CVE) ID: CVE-2013-2882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329 RedHat Security Advisories: RHSA-2013:1201 http://rhn.redhat.com/errata/RHSA-2013-1201.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2883 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17525 Common Vulnerability Exposure (CVE) ID: CVE-2013-2884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17597 Common Vulnerability Exposure (CVE) ID: CVE-2013-2885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17672 Common Vulnerability Exposure (CVE) ID: CVE-2013-2886 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17704
Copyright	Copyright (C) 2022 Greenbone AG