Errata ALT-PU-2013-1119-1: Information
Fixes
Published: Dec. 9, 2013
BDU:2015-06136
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 9, 2013
BDU:2015-06137
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Dec. 9, 2013
BDU:2015-06138
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 9, 2013
BDU:2015-06139
Multiple vulnerabilities in the libjpeg-turbo-static-1.2.1 package of the Red Hat Enterprise Linux operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Dec. 9, 2013
BDU:2015-07110
Vulnerability in the Red Hat Enterprise Linux operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 9, 2013
BDU:2015-07111
Vulnerability in the Red Hat Enterprise Linux operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 9, 2013
BDU:2015-07112
Vulnerability in the Red Hat Enterprise Linux operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09076
Vulnerability in the CentOS operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09077
Vulnerability in the CentOS operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09078
Vulnerability in the CentOS operating system that allows a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09079
Vulnerabilities in the CentOS operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09080
Vulnerabilities in the CentOS operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09081
Vulnerabilities in the CentOS operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Dec. 10, 2013
BDU:2015-09082
Vulnerabilities in the CentOS operating system that allow a remote attacker to breach the confidentiality of protected information
Severity: MEDIUM (5.0)
Links:
Published: Nov. 25, 2019
BDU:2019-04721
Vulnerability in the Kaspersky Protection extension for the Google Chrome browser that allows an attacker to remove arbitrary Chrome extensions
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: Nov. 13, 2013
Modified: Nov. 7, 2023
CVE-2013-2931
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.
Severity: CRITICAL (10.0)
Links:
- https://code.google.com/p/chromium/issues/detail?id=271235
- oval:org.mitre.oval:def:19183
- https://code.google.com/p/chromium/issues/detail?id=263255
- https://code.google.com/p/chromium/issues/detail?id=285578
- https://code.google.com/p/chromium/issues/detail?id=297556
- openSUSE-SU-2014:0065
- https://code.google.com/p/chromium/issues/detail?id=282738
- https://code.google.com/p/chromium/issues/detail?id=296276
- https://code.google.com/p/chromium/issues/detail?id=303232
- https://code.google.com/p/chromium/issues/detail?id=299993
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://code.google.com/p/chromium/issues/detail?id=302810
- https://code.google.com/p/chromium/issues/detail?id=315823
- openSUSE-SU-2013:1776
- https://code.google.com/p/chromium/issues/detail?id=304226
- https://code.google.com/p/chromium/issues/detail?id=264574
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://code.google.com/p/chromium/issues/detail?id=258723
- DSA-2799
- openSUSE-SU-2013:1861
- openSUSE-SU-2013:1777
- https://code.google.com/p/chromium/issues/detail?id=299835
- https://code.google.com/p/chromium/issues/detail?id=306255
- https://code.google.com/p/chromium/issues/detail?id=286368
- https://code.google.com/p/chromium/issues/detail?id=314225
Published: Nov. 13, 2013
Modified: Oct. 30, 2018
CVE-2013-6621
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
Severity: HIGH (7.5)
Links:
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6622
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.
Severity: MEDIUM (6.8)
Links:
- https://code.google.com/p/chromium/issues/detail?id=272786
- https://src.chromium.org/viewvc/blink?revision=159031&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- oval:org.mitre.oval:def:18335
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6623
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
Severity: MEDIUM (4.3)
Links:
- https://src.chromium.org/viewvc/blink?revision=158480&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://code.google.com/p/chromium/issues/detail?id=282925
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- oval:org.mitre.oval:def:19311
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6624
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
Severity: HIGH (7.5)
Links:
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6625
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.
Severity: MEDIUM (6.8)
Links:
- https://code.google.com/p/chromium/issues/detail?id=295010
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://src.chromium.org/viewvc/blink?revision=160037&view=revision
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- http://support.apple.com/kb/HT6163
- http://support.apple.com/kb/HT6162
- APPLE-SA-2014-04-01-1
- https://support.apple.com/kb/HT6537
- oval:org.mitre.oval:def:19257
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6626
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via a crafted web site.
Severity: MEDIUM (4.3)
Links:
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://src.chromium.org/viewvc/chrome?revision=225026&view=revision
- https://code.google.com/p/chromium/issues/detail?id=295695
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- oval:org.mitre.oval:def:18401
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6627
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
Severity: MEDIUM (5.0)
Links:
- https://code.google.com/p/chromium/issues/detail?id=299892
- https://src.chromium.org/viewvc/chrome?revision=226539&view=revision
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- 40944
- 20161219 CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR
- http://packetstormsecurity.com/files/140209/Chrome-HTTP-1xx-Out-Of-Bounds-Read.html
- http://blog.skylined.nl/20161219001.html
- oval:org.mitre.oval:def:19113
Published: Nov. 13, 2013
Modified: Sept. 19, 2017
CVE-2013-6628
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
Severity: MEDIUM (4.3)
Links:
- https://src.chromium.org/viewvc/chrome?revision=229611&view=revision
- https://code.google.com/p/chromium/issues/detail?id=306959
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
- https://secure-resumption.com/
- oval:org.mitre.oval:def:19108
Published: Nov. 19, 2013
Modified: June 21, 2023
CVE-2013-6629
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Severity: MEDIUM (5.0)
Links:
- https://code.google.com/p/chromium/issues/detail?id=258723
- https://src.chromium.org/viewvc/chrome?revision=229729&view=revision
- 20131112 bugs in IJG jpeg6b & libjpeg-turbo
- http://bugs.ghostscript.com/show_bug.cgi?id=686980
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- DSA-2799
- RHSA-2013:1803
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- RHSA-2013:1804
- USN-2053-1
- USN-2052-1
- openSUSE-SU-2013:1777
- FEDORA-2013-23127
- openSUSE-SU-2013:1957
- openSUSE-SU-2013:1959
- openSUSE-SU-2013:1958
- 56175
- openSUSE-SU-2014:0008
- FEDORA-2013-23295
- openSUSE-SU-2013:1917
- USN-2060-1
- openSUSE-SU-2013:1916
- FEDORA-2013-23291
- openSUSE-SU-2013:1918
- FEDORA-2013-23519
- openSUSE-SU-2014:0065
- http://support.apple.com/kb/HT6150
- MDVSA-2013:273
- http://advisories.mageia.org/MGASA-2013-0333.html
- http://support.apple.com/kb/HT6163
- http://support.apple.com/kb/HT6162
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- 58974
- 59058
- https://www.ibm.com/support/docview.wss?uid=swg21675973
- GLSA-201406-32
- 1029476
- 1029470
- GLSA-201606-03
- SSRT101668
- SSRT101667
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2013-6629
- 63676
- RHSA-2014:0414
- RHSA-2014:0413
Published: Nov. 19, 2013
Modified: Nov. 7, 2023
CVE-2013-6630
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Severity: MEDIUM (5.0)
Links:
- https://code.google.com/p/chromium/issues/detail?id=299835
- 20131112 bugs in IJG jpeg6b & libjpeg-turbo
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=891693
- DSA-2799
- openSUSE-SU-2013:1776
- RHSA-2013:1803
- openSUSE-SU-2013:1861
- USN-2053-1
- USN-2052-1
- openSUSE-SU-2013:1777
- FEDORA-2013-23127
- openSUSE-SU-2013:1957
- openSUSE-SU-2013:1959
- openSUSE-SU-2013:1958
- 56175
- openSUSE-SU-2014:0008
- FEDORA-2013-23295
- openSUSE-SU-2013:1917
- USN-2060-1
- openSUSE-SU-2013:1916
- FEDORA-2013-23291
- openSUSE-SU-2013:1918
- FEDORA-2013-23519
- openSUSE-SU-2014:0065
- MDVSA-2013:273
- http://advisories.mageia.org/MGASA-2013-0333.html
- 1029476
- 1029470
- GLSA-201606-03
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git%3Ba=commit%3Bh=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8
Published: Nov. 19, 2013
Modified: March 6, 2014
CVE-2013-6631
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
Severity: HIGH (7.5)
Links:
- https://code.google.com/p/chromium/issues/detail?id=296804
- https://webrtc-codereview.appspot.com/2275008
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html
- https://code.google.com/p/webrtc/source/detail?r=4827
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
Published: Nov. 18, 2013
Modified: Dec. 13, 2018
CVE-2013-6632
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
Severity: CRITICAL (9.3)
Links:
- https://code.google.com/p/chromium/issues/detail?id=319125
- http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
- http://googlechromereleases.blogspot.com/2013/11/chrome-for-android-update.html
- http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
- https://code.google.com/p/chromium/issues/detail?id=319117
- DSA-2799
- openSUSE-SU-2013:1777
- openSUSE-SU-2013:1776
- openSUSE-SU-2013:1861
- openSUSE-SU-2014:0065
Published: Nov. 25, 2019
Modified: Aug. 24, 2020
CVE-2019-15684
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links: