Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201309-16 ] Chromium, V8: Multiple vulnerabilities
Date: Wed, 25 Sep 2013 00:11:20
Message-Id: 524229CA.4020906@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, V8: Multiple vulnerabilities
     Date: September 24, 2013
     Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
           #458644, #460318, #460776, #463426, #470920, #472350,
           #476344, #479048, #481990
       ID: 201309-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium     < 29.0.1457.57          >= 29.0.1457.57
  2  dev-lang/v8              < 3.18.5.14              >= 3.18.5.14
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other,
unspecified, impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
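
Added example (not part of the advisory and not Gentoo's own code): a POSIX shell check that classifies Chromium and V8 versions against the fixed versions in the Affected packages table, comparing components numerically and ignoring a "-rN" revision suffix. The function names and the installed-package database layout /var/db/pkg/<category>/<name>-<version> are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the advisory. Fixed versions are copied from
# the "Affected packages" table of GLSA 201309-16.
FIXED_CHROMIUM="29.0.1457.57"
FIXED_V8="3.18.5.14"

# ver_lt A B: succeed when dotted numeric version A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0   # missing component counts as 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1                                      # equal versions are not lower
}

# glsa_status ATOM VERSION: print vulnerable, unaffected, unknown or not-covered.
glsa_status() {
    pkg=$1 ver=${2%-r[0-9]*}          # drop a Gentoo "-rN" revision suffix
    case $pkg in
        www-client/chromium) fixed=$FIXED_CHROMIUM ;;
        dev-lang/v8)         fixed=$FIXED_V8 ;;
        *) echo "not-covered"; return 0 ;;
    esac
    case $ver in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;; # do not guess on odd versions
    esac
    if ver_lt "$ver" "$fixed"; then echo "vulnerable"; else echo "unaffected"; fi
}

# glsa_report [VDB]: classify every installed copy found under VDB
# (assumed layout: VDB/<category>/<name>-<version>, default /var/db/pkg).
glsa_report() {
    vdb=${1:-/var/db/pkg}
    for atom in www-client/chromium dev-lang/v8; do
        for d in "$vdb/$atom"-[0-9]*; do
            [ -d "$d" ] || continue
            v=${d#"$vdb/$atom-"}
            echo "$atom $v $(glsa_status "$atom" "$v")"
        done
    done
}

# Demo on a constructed package tree (made-up installed versions).
demo=$(mktemp -d)
mkdir -p "$demo/www-client/chromium-28.0.1500.95-r1" "$demo/dev-lang/v8-3.18.5.14"
glsa_report "$demo"
rm -rf "$demo"
```

Calling glsa_report with no argument reads /var/db/pkg on the local host; a result of "unknown" means the version string needs a manual look rather than a pass.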

References
==========

[ 1 ] CVE-2012-5116
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[ 2 ] CVE-2012-5117
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[ 3 ] CVE-2012-5118
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[ 4 ] CVE-2012-5119
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[ 5 ] CVE-2012-5120
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[ 6 ] CVE-2012-5121
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[ 7 ] CVE-2012-5122
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[ 8 ] CVE-2012-5123
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[ 9 ] CVE-2012-5124
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[ 10 ] CVE-2012-5125
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[ 11 ] CVE-2012-5126
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[ 12 ] CVE-2012-5127
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[ 13 ] CVE-2012-5128
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[ 14 ] CVE-2012-5130
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[ 15 ] CVE-2012-5132
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[ 16 ] CVE-2012-5133
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[ 17 ] CVE-2012-5135
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[ 18 ] CVE-2012-5136
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[ 19 ] CVE-2012-5137
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[ 20 ] CVE-2012-5138
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[ 21 ] CVE-2012-5139
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[ 22 ] CVE-2012-5140
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[ 23 ] CVE-2012-5141
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[ 24 ] CVE-2012-5142
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[ 25 ] CVE-2012-5143
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[ 26 ] CVE-2012-5144
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[ 27 ] CVE-2012-5145
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[ 28 ] CVE-2012-5146
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[ 29 ] CVE-2012-5147
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[ 30 ] CVE-2012-5148
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[ 31 ] CVE-2012-5149
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[ 32 ] CVE-2012-5150
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[ 33 ] CVE-2012-5151
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[ 34 ] CVE-2012-5152
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[ 35 ] CVE-2012-5153
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[ 36 ] CVE-2012-5154
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[ 37 ] CVE-2013-0828
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[ 38 ] CVE-2013-0829
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[ 39 ] CVE-2013-0830
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[ 40 ] CVE-2013-0831
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[ 41 ] CVE-2013-0832
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[ 42 ] CVE-2013-0833
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[ 43 ] CVE-2013-0834
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[ 44 ] CVE-2013-0835
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[ 45 ] CVE-2013-0836
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[ 46 ] CVE-2013-0837
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[ 47 ] CVE-2013-0838
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[ 48 ] CVE-2013-0839
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[ 49 ] CVE-2013-0840
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[ 50 ] CVE-2013-0841
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[ 51 ] CVE-2013-0842
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[ 52 ] CVE-2013-0879
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[ 53 ] CVE-2013-0880
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[ 54 ] CVE-2013-0881
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[ 55 ] CVE-2013-0882
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[ 56 ] CVE-2013-0883
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[ 57 ] CVE-2013-0884
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[ 58 ] CVE-2013-0885
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[ 59 ] CVE-2013-0887
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[ 60 ] CVE-2013-0888
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[ 61 ] CVE-2013-0889
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[ 62 ] CVE-2013-0890
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[ 63 ] CVE-2013-0891
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[ 64 ] CVE-2013-0892
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[ 65 ] CVE-2013-0893
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[ 66 ] CVE-2013-0894
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[ 67 ] CVE-2013-0895
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[ 68 ] CVE-2013-0896
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[ 69 ] CVE-2013-0897
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[ 70 ] CVE-2013-0898
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[ 71 ] CVE-2013-0899
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[ 72 ] CVE-2013-0900
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 73 ] CVE-2013-0902
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[ 74 ] CVE-2013-0903
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[ 75 ] CVE-2013-0904
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[ 76 ] CVE-2013-0905
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[ 77 ] CVE-2013-0906
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[ 78 ] CVE-2013-0907
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[ 79 ] CVE-2013-0908
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[ 80 ] CVE-2013-0909
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[ 81 ] CVE-2013-0910
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[ 82 ] CVE-2013-0911
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[ 83 ] CVE-2013-0912
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[ 84 ] CVE-2013-0916
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[ 85 ] CVE-2013-0917
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[ 86 ] CVE-2013-0918
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[ 87 ] CVE-2013-0919
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[ 88 ] CVE-2013-0920
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[ 89 ] CVE-2013-0921
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[ 90 ] CVE-2013-0922
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[ 91 ] CVE-2013-0923
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[ 92 ] CVE-2013-0924
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[ 93 ] CVE-2013-0925
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[ 94 ] CVE-2013-0926
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[ 95 ] CVE-2013-2836
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[ 96 ] CVE-2013-2837
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[ 97 ] CVE-2013-2838
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[ 98 ] CVE-2013-2839
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[ 99 ] CVE-2013-2840
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64
      http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91
      http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95
      http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201309-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature