FreeBSD : chromium -- multiple vulnerabilities (dfd92cb2-7d48-11e2-ad48-00262d5ed8ee)

High Nessus Plugin ID 64859

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[172243] High CVE-2013-0879: Memory corruption with web audio node.
Credit to Atte Kettunen of OUSPG.

[171951] High CVE-2013-0880: Use-after-free in database handling.
Credit to Chamal de Silva.

[167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.

[165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.

[142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.

[172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans).

[172369] Medium CVE-2013-0885: Too many API permissions granted to web store.

[171065] [170836] Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.

[170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

[170569] Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.

[169973] [169966] High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).

[169685] High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Juri Aedla).

[169295] [168710] [166493] [165836] [165747] [164958] [164946] Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans).

[168570] Medium CVE-2013-0893: Race condition in media handling.
Credit to Andrew Scherkus of the Chromium development community.

[168473] High CVE-2013-0894: Buffer overflow in vorbis decoding.
Credit to Google Chrome Security Team (Inferno).

[Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Juri Aedla).

[166708] High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar).

[165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.

[164643] High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community.

[160480] Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Juri Aedla).

[152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?bdc75d6a

http://www.nessus.org/u?fad94d42

Plugin Details

Severity: High

ID: 64859

File Name: freebsd_pkg_dfd92cb27d4811e2ad4800262d5ed8ee.nasl

Version: Revision: 1.9

Type: local

Published: 2013/02/24

Updated: 2016/05/26

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/02/22

Vulnerability Publication Date: 2013/02/21

Reference Information

CVE: CVE-2013-0879, CVE-2013-0880, CVE-2013-0881, CVE-2013-0882, CVE-2013-0883, CVE-2013-0884, CVE-2013-0885, CVE-2013-0887, CVE-2013-0888, CVE-2013-0889, CVE-2013-0890, CVE-2013-0891, CVE-2013-0892, CVE-2013-0893, CVE-2013-0894, CVE-2013-0895, CVE-2013-0896, CVE-2013-0897, CVE-2013-0898, CVE-2013-0899, CVE-2013-0900