Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201502-13 ] Chromium: Multiple vulnerabilities
Date: Tue, 17 Feb 2015 22:31:07
Message-Id: 54E3BAB8.8080101@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: February 17, 2015
     Bugs: #537366, #539094
       ID: 201502-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.

Background
==========

Chromium is an open-source web browser project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium     < 40.0.2214.111         >= 40.0.2214.111

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"

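A version check for the range listed under "Affected packages", added here as an example; it is not part of the advisory or of Gentoo's tooling. The function names, the optional directory argument and the sample versions are assumptions for illustration; /var/db/pkg is Portage's installed-package database.

```shell
#!/bin/sh
# Added example, not part of GLSA 201502-13. Function names are illustrative.
FIXED_VERSION="40.0.2214.111"   # first unaffected version per the advisory

# version_lt A B: succeed if dotted-numeric version A is lower than B.
# Components are compared as integers, so 40.0.2214.91 < 40.0.2214.111,
# which a plain string comparison would get wrong.
# Assumes purely numeric components plus an optional -rN revision.
version_lt() {
    a=${1%-r[0-9]*}             # drop a Gentoo revision suffix such as -r1
    b=${2%-r[0-9]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}    # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                    # equal versions are not lower
}

# chromium_status VERSION: print the advisory's classification of VERSION.
chromium_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# check_vdb [DIR]: classify each www-client/chromium version recorded in the
# installed-package database (DIR defaults to /var/db/pkg).
check_vdb() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/www-client/chromium-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/chromium-}
        echo "$v $(chromium_status "$v")"
    done
}

# Constructed sample versions, not taken from a real system.
for v in 39.0.2171.65 40.0.2214.91 40.0.2214.111 40.0.2214.111-r1 41.0.2272.76; do
    printf '%s: %s\n' "$v" "$(chromium_status "$v")"
done
```

On a Gentoo host, calling `check_vdb` with no argument reports the installed version or versions.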
References
==========

[ 1 ] CVE-2014-7923
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[ 2 ] CVE-2014-7924
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[ 3 ] CVE-2014-7925
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[ 4 ] CVE-2014-7926
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[ 5 ] CVE-2014-7927
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[ 6 ] CVE-2014-7928
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[ 7 ] CVE-2014-7929
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[ 8 ] CVE-2014-7930
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[ 9 ] CVE-2014-7931
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201502-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
