Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201408-16 ] Chromium: Multiple vulnerabilities
Date: Sat, 30 Aug 2014 00:47:42
Message-Id: 54011C53.50004@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
      #512944, #517304, #519788, #521276
ID: 201408-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source web browser project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium     < 37.0.2062.94           >= 37.0.2062.94

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could conduct a number of attacks, including
cross-site scripting, bypassing sandbox protection, potentially
executing arbitrary code with the privileges of the process, or
causing a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"

References
==========

[ 1 ] CVE-2014-1741
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201408-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
