Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201302-0265 CVE-2013-0888 Google Chrome Used in Skia Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads.". Google Chrome Used in Skia There is a service disruption (out-of-bounds read) There is a vulnerability that becomes a condition.Service disruption by a third party (out-of-bounds read) There is a possibility of being put into a state. Google Chrome is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. Google Chrome is a web browser developed by Google (Google). A vulnerability exists in Skia used by versions prior to 25.0.1364.97 of Google Chrome on Windows and Linux, and versions prior to 25.0.1364.99 of Google Chrome on Mac OS X. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0266 CVE-2013-0889 Google Chrome Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. Google Chrome is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass the security restrictions. Successfully exploiting this issue may allow attackers to execute arbitrary code. Very limited information is currently available regarding this issue. We will update this BID as more information emerges. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. A vulnerability exists in versions prior to Google Chrome 25.0.1364.97 on Windows and Linux systems, and versions prior to Google Chrome 25.0.1364.99 on Mac OS X systems. The vulnerability stems from the fact that the program does not perform user action requirements before processing file downloads . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201401-0579 CVE-2013-0340 Expat Code problem vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Expat is prone to multiple denial-of-service vulnerabilities. Successful exploits will allow attackers to consume large amounts of memory and cause a crash through specially crafted XML containing malicious attributes. Expat 2.1.0 and prior versions are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Expat: Multiple vulnerabilities Date: January 11, 2017 Bugs: #458742, #555642, #577928, #583268, #585510 ID: 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Background ========== Expat is a set of XML parsing libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1 Description =========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. This attack could also be used against automated systems that arbitrarily process XML files. Workaround ========== There is no known workaround at this time. Resolution ========== All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1" References ========== [ 1 ] CVE-2012-6702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702 [ 2 ] CVE-2013-0340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340 [ 3 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 4 ] CVE-2016-0718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718 [ 5 ] CVE-2016-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472 [ 6 ] CVE-2016-5300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 iOS 15 and iPadOS 15 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212814. Accessory Manager Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: Siddharth Aeri (@b1n4r1b01) AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30838: proteas wang bootp Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium) Entry added October 25, 2021 CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab Entry added October 25, 2021 CoreML Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day Initiative Face ID Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation) Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID Description: This issue was addressed by improving Face ID anti- spoofing models. CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year Security Lab FaceTime Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: The issue was addressed with improved permissions logic. CVE-2021-30816: Atharv (@atharv0x0) Entry added October 25, 2021 FaceTime Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call Description: A logic issue was addressed with improved validation. CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime Entry added October 25, 2021 FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021 FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021 FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab Entry added October 25, 2021 iCloud Photo Library Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access photo metadata without needing permission to access photos Description: The issue was addressed with improved authentication. CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021 ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30814: hjy79425575 Entry added October 25, 2021 ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab libexpat Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30819: Apple NetworkExtension Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A VPN configuration may be installed by an app without user permission Description: An authorization issue was addressed with improved state management. CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira- boccardo) Entry added October 25, 2021 Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Quick Look Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Previewing an html file attached to a note may unexpectedly contact remote servers Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management. CVE-2021-30870: Saif Hamed Al Hinai Oman CERT Entry added October 25, 2021 Sandbox Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021 Siri Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to view contacts from the lock screen Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. CVE-2021-30815: an anonymous researcher Telephony Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad Air 2, iPad (5th generation), and iPad mini 4 Impact: In certain situations, the baseband would fail to enable integrity and ciphering protection Description: A logic issue was addressed with improved state management. CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST SysSec Lab WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30884: an anonymous researcher Entry added October 25, 2021 WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021 WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs Entry added October 25, 2021 WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30809: an anonymous researcher Entry added October 25, 2021 WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30848: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30851: Samuel Groß of Google Project Zero Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. Bluetooth We would like to acknowledge an anonymous researcher for their assistance. File System We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge an anonymous researcher for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "15" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb 41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48 Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH 5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8 k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6 HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ= =lg51 -----END PGP SIGNATURE----- . CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30860: The Citizen Lab CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021 CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021 CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021 curl Available for: macOS Big Sur Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021 CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021 SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. Apple is aware of a report that this issue may have been actively exploited. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021 CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance
VAR-201310-0633 CVE-2013-0337 nginx Vulnerability in which important information is obtained in default settings CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Nginx is prone to an insecure file-permission vulnerability. Such information could aid in other attacks. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. There is a security vulnerability in the default configuration of nginx 1.3.13 and earlier versions. The vulnerability stems from the fact that the program uses globally readable permissions for the access.log and error.log files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Background ========== nginx is a robust, small, and high performance HTTP and reverse proxy server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2 Description =========== Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2" References ========== [ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0360 CVE-2013-2268 Google Chrome of WebKit of MathML Vulnerability in implementation of CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.". The impact of this issue is unknown. Very little information is known about this issue. We will update this BID as soon as more information becomes available. Google Chrome is a web browser developed by Google (Google). A remote attacker can exploit this vulnerability through an unknown vector to have unknown effects on the program
VAR-201302-0286 CVE-2013-0887 Google Chrome of developer-tools Process vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors. The impact of this issue is currently unknown. We will update this BID when more information emerges. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). Attackers exploit this vulnerability with unknown impact and attack vectors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0285 CVE-2013-0886 Mac OS X Run on Google Chrome Vulnerability in CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. Google Chrome is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). A vulnerability exists in Google Chrome versions prior to 25.0.1364.99 on Mac OS X systems. Attackers exploit this vulnerability with unknown impact and attack vectors
VAR-201302-0284 CVE-2013-0883 Google Chrome Used in Skia Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. Google Chrome Used in Skia There is a service disruption ( Illegal read operation ) There is a vulnerability that becomes a condition.Service disruption by a third party ( Illegal read operation ) There is a possibility of being put into a state. Google Chrome is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0283 CVE-2013-0882 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters. Google Chrome is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). The vulnerability exists in Google Chrome versions prior to 25.0.1364.97 on Windows and Linux-based systems, and Google Chrome versions prior to 25.0.1364.99 on Mac OS X-based systems. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0282 CVE-2013-0885 Google Chrome Vulnerability in CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors. The impact of this issue is currently unknown. We will update this BID when more information emerges. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). Attackers exploit this vulnerability with unknown impact and attack vectors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0280 CVE-2013-0881 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format. Google Chrome is prone to a denial-of-service vulnerability. Successful exploits will cause the device to crash, denying service to legitimate users. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). The vulnerability exists in Google Chrome versions prior to 25.0.1364.97 on Windows and Linux-based systems, and versions prior to 25.0.1364.99 on Mac OS X-based systems. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0281 CVE-2013-0884 Google Chrome Vulnerability in CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. The impact of this issue is currently unknown. We will update this BID when more information emerges. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). Attackers exploit this vulnerability with unknown impact and attack vectors. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0279 CVE-2013-0880 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Google Chrome Use of freed memory due to lack of database processing (Use-after-free) Service disruption (DoS) There are vulnerabilities that can be affected indefinitely, such as being in a state.Service disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0276 CVE-2013-0899 Google Chrome Used in Opus of src/opus_decoder.c Integer overflow vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. Google Chrome is prone to an integer-overflow vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. With longer packets, a remote attacker could exploit this vulnerability to cause a denial of service (out-of-bounds read). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0275 CVE-2013-0898 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL. Google Chrome Use freed memory (Use-after-free) Service disruption (DoS) There are vulnerabilities that can be affected indefinitely, such as being in a state.Service disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0272 CVE-2013-0895 Google Chrome Vulnerable to arbitrary program execution CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. Google Chrome is a web browser developed by Google (Google). Through an unknown vector, a remote attacker could exploit this vulnerability to execute arbitrary programs. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0274 CVE-2013-0897 Google Chrome of PDF Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document. Google Chrome is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). Through a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0273 CVE-2013-0896 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome is prone to multiple remote memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record for better documentation. Google Chrome is a web browser developed by Google (Google). A vulnerability exists in Google Chrome versions prior to 25.0.1364.97 on Windows and Linux systems, and Google Chrome versions prior to 25.0.1364.99 on Mac OS X systems. The vulnerability stems from the program not properly managing memory during plug-in message processing . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0270 CVE-2013-0893 Google Chrome Service disruption in (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media. (DoS) There are vulnerabilities that can be affected indefinitely, such as being in a state.Service disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, arbitrary code execution may also be possible; this has not been confirmed. Note: This issue was previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but has been moved to its own record to better document it. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201302-0269 CVE-2013-0892 Google Chrome of IPC Service disruption at the layer (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome is prone to multiple unspecified security vulnerabilities. Little is known about these issues or their effect at this time. We will update this BID as more information emerges. Note: These issues were previously discussed in BID 58101 (Google Chrome Multiple Security Vulnerabilities), but have been moved to their own record to better document them. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5