Description:
Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2013-0234 advisory.
Vulnerability Insight: Updated chromium-browser-stable packages fix security vulnerabilities:
The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline) (CVE-2013-2853).
Chrome does not properly prevent pop-under windows (CVE-2013-2867).
common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting (CVE-2013-2868).
Denial of service (out-of-bounds read) via a crafted JPEG2000 image (CVE-2013-2869).
Use-after-free vulnerability in network sockets (CVE-2013-2870).
Use-after-free vulnerability in input handling (CVE-2013-2871).
Use-after-free vulnerability in resource loading (CVE-2013-2873).
Out-of-bounds read in SVG file handling (CVE-2013-2875).
Chrome does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits (CVE-2013-2876).
Out-of-bounds read in text handling (CVE-2013-2878).
The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not properly checked (CVE-2013-2879).
The Chrome 28 development team found various issues from internal fuzzing, audits, and other studies (CVE-2013-2880).
Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 2, Mageia 3.
Solution: Please install the updated package(s).
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C