Bugzilla – Bug 850430
VUL-0: CVE-2013-2931: chromium-browser: Google Chrome before 31.0.1650.48 multiple vulnerabilities
Last modified: 2016-04-27 19:58:58 UTC
Tracking bug for the following vulnerabilities:
CVE-2013-6621: Use-after-free vulnerability allows remote attackers to cause a denial of service
CVE-2013-6622: Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink allows remote attackers to cause a denial of service
CVE-2013-6623: SVG implementation in Blink allows remote attackers to cause a denial of service
CVE-2013-6624: Use-after-free vulnerability allows remote attackers to cause a denial of service
CVE-2013-6625: Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects.
CVE-2013-6626: WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2013-6627: net/http/http_stream_parser.cc does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
CVE-2013-6628: net/socket/ssl_client_socket_nss.cc in the TLS implementation does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
CVE-2013-2931: Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6621
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6622
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6623
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6624
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6625
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6626
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6627
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6628
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6631
The SWAMPID for this issue is 55102. This issue was rated as important. Please submit fixed packages until 2013-11-21. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Issue is canceled already. Assign to openSUSE maintainer.
bugbot adjusting priority
This week some new chromium vulnerabilities were disclosed:
CVE-2013-6629 (get_sos function in jdmarker.c in libjpeg 6b and libjpeg-turbo leaks sensitive data): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6629
CVE-2013-6630 (get_dht function in jdmarker.c in libjpeg-turbo leaks sensitive information): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6630
CVE-2013-6632 (Integer overflow allows remote attackers to execute arbitrary code): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6632
CVE-2013-6802 (sandbox restrictions bypass by leveraging access to a renderer process): http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6802
openSUSE-SU-2013:1776-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 849715,850430
CVE References: CVE-2013-2925,CVE-2013-2926,CVE-2013-2927,CVE-2013-2928,CVE-2013-2931,CVE-2013-6621,CVE-2013-6622,CVE-2013-6623,CVE-2013-6624,CVE-2013-6625,CVE-2013-6626,CVE-2013-6627,CVE-2013-6628,CVE-2013-6629,CVE-2013-6630,CVE-2013-6631,CVE-2013-6632
Sources used: openSUSE 12.3 (src): chromium-31.0.1650.57-1.17.1

openSUSE-SU-2013:1777-1: An update that fixes 13 vulnerabilities is now available.
Category: security (important)
Bug References: 850430
CVE References: CVE-2013-2931,CVE-2013-6621,CVE-2013-6622,CVE-2013-6623,CVE-2013-6624,CVE-2013-6625,CVE-2013-6626,CVE-2013-6627,CVE-2013-6628,CVE-2013-6629,CVE-2013-6630,CVE-2013-6631,CVE-2013-6632
Sources used: openSUSE 12.2 (src): chromium-31.0.1650.57-1.54.1
done