Test ID:	1.3.6.1.4.1.25623.1.0.702799
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2799-1)
Summary:	The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-2799-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-2799-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2931 The chrome 31 development team found various issues from internal fuzzing, audits, and other studies. CVE-2013-6621 Khalil Zhani discovered a use-after-free issue in speech input handling. CVE-2013-6622 cloudfuzzer discovered a use-after-free issue in HTMLMediaElement. CVE-2013-6623 miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG implementation. CVE-2013-6624 Jon Butler discovered a use-after-free issue in id attribute strings. CVE-2013-6625 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit DOM implementation. CVE-2013-6626 Chamal de Silva discovered an address bar spoofing issue. CVE-2013-6627 skylined discovered an out-of-bounds read in the HTTP stream parser. CVE-2013-6628 Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris discovered that a different (unverified) certificate could be used after successful TLS renegotiation with a valid certificate. CVE-2013-6629 Michal Zalewski discovered an uninitialized memory read in the libjpeg and libjpeg-turbo libraries. CVE-2013-6630 Michal Zalewski discovered another uninitialized memory read in the libjpeg and libjpeg-turbo libraries. CVE-2013-6631 Patrik Hoglund discovered a use-free issue in the libjingle library. CVE-2013-6632 Pinkie Pie discovered multiple memory corruption issues. For the stable distribution (wheezy), these problems have been fixed in version 31.0.1650.57-1~ deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 31.0.1650.57-1. We recommend that you upgrade your chromium-browser packages. Affected Software/OS: 'chromium-browser' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2931 Debian Security Information: DSA-2799 (Google Search) http://www.debian.org/security/2013/dsa-2799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19183 SuSE Security Announcement: openSUSE-SU-2013:1776 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html SuSE Security Announcement: openSUSE-SU-2013:1777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html SuSE Security Announcement: openSUSE-SU-2013:1861 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html SuSE Security Announcement: openSUSE-SU-2014:0065 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6621 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19006 Common Vulnerability Exposure (CVE) ID: CVE-2013-6622 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18335 Common Vulnerability Exposure (CVE) ID: CVE-2013-6623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19311 Common Vulnerability Exposure (CVE) ID: CVE-2013-6624 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19168 Common Vulnerability Exposure (CVE) ID: CVE-2013-6625 http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19257 Common Vulnerability Exposure (CVE) ID: CVE-2013-6626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18401 Common Vulnerability Exposure (CVE) ID: CVE-2013-6627 https://www.exploit-db.com/exploits/40944/ http://seclists.org/fulldisclosure/2016/Dec/65 http://blog.skylined.nl/20161219001.html http://packetstormsecurity.com/files/140209/Chrome-HTTP-1xx-Out-Of-Bounds-Read.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19113 Common Vulnerability Exposure (CVE) ID: CVE-2013-6628 https://secure-resumption.com/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19108 Common Vulnerability Exposure (CVE) ID: CVE-2013-6629 BugTraq ID: 63676 http://www.securityfocus.com/bid/63676 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html http://security.gentoo.org/glsa/glsa-201406-32.xml https://security.gentoo.org/glsa/201606-03 HPdes Security Advisory: HPSBUX03091 http://marc.info/?l=bugtraq&m=140852886808946&w=2 HPdes Security Advisory: HPSBUX03092 http://marc.info/?l=bugtraq&m=140852974709252&w=2 HPdes Security Advisory: SSRT101667 HPdes Security Advisory: SSRT101668 http://www.mandriva.com/security/advisories?name=MDVSA-2013:273 RedHat Security Advisories: RHSA-2013:1803 http://rhn.redhat.com/errata/RHSA-2013-1803.html RedHat Security Advisories: RHSA-2013:1804 http://rhn.redhat.com/errata/RHSA-2013-1804.html RedHat Security Advisories: RHSA-2014:0413 https://access.redhat.com/errata/RHSA-2014:0413 RedHat Security Advisories: RHSA-2014:0414 https://access.redhat.com/errata/RHSA-2014:0414 http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 http://secunia.com/advisories/56175 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 SuSE Security Announcement: openSUSE-SU-2013:1916 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html SuSE Security Announcement: openSUSE-SU-2013:1917 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1918 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html SuSE Security Announcement: openSUSE-SU-2013:1957 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html SuSE Security Announcement: openSUSE-SU-2013:1958 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html SuSE Security Announcement: openSUSE-SU-2013:1959 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html SuSE Security Announcement: openSUSE-SU-2014:0008 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://www.ubuntu.com/usn/USN-2052-1 http://www.ubuntu.com/usn/USN-2053-1 http://www.ubuntu.com/usn/USN-2060-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6630 Common Vulnerability Exposure (CVE) ID: CVE-2013-6631 Common Vulnerability Exposure (CVE) ID: CVE-2013-6632 http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/ Common Vulnerability Exposure (CVE) ID: CVE-2013-6802 XForce ISS Database: google-chrome-cve20136802-sec-bypass(89201) https://exchange.xforce.ibmcloud.com/vulnerabilities/89201
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.