Jump to content
Compatible Support Forums
Sign in to follow this  
news

[gentoo-announce] [ GLSA 201408-16 ] Chromium: Multiple vulnerabilities

Recommended Posts

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201408-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Chromium: Multiple vulnerabilities

Date: August 30, 2014

Bugs: #504328, #504890, #507212, #508788, #510288, #510904,

#512944, #517304, #519788, #521276

ID: 201408-16

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities have been found in Chromium, the worst of

which can allow remote attackers to execute arbitrary code.

 

Background

==========

 

Chromium is an open-source web browser project.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94

 

Description

===========

 

Multiple vulnerabilities have been discovered in Chromium. Please

review the CVE identifiers referenced below for details.

 

Impact

======

 

A remote attacker could conduct a number of attacks which include:

cross site scripting attacks, bypassing of sandbox protection,

potential execution of arbitrary code with the privileges of the

process, or cause a Denial of Service condition.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All chromium users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"

 

References

==========

 

[ 1 ] CVE-2014-1741

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741

[ 2 ] CVE-2014-0538

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538

[ 3 ] CVE-2014-1700

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700

[ 4 ] CVE-2014-1701

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701

[ 5 ] CVE-2014-1702

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702

[ 6 ] CVE-2014-1703

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703

[ 7 ] CVE-2014-1704

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704

[ 8 ] CVE-2014-1705

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705

[ 9 ] CVE-2014-1713

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713

[ 10 ] CVE-2014-1714

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714

[ 11 ] CVE-2014-1715

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715

[ 12 ] CVE-2014-1716

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716

[ 13 ] CVE-2014-1717

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717

[ 14 ] CVE-2014-1718

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718

[ 15 ] CVE-2014-1719

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719

[ 16 ] CVE-2014-1720

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720

[ 17 ] CVE-2014-1721

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721

[ 18 ] CVE-2014-1722

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722

[ 19 ] CVE-2014-1723

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723

[ 20 ] CVE-2014-1724

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724

[ 21 ] CVE-2014-1725

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725

[ 22 ] CVE-2014-1726

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726

[ 23 ] CVE-2014-1727

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727

[ 24 ] CVE-2014-1728

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728

[ 25 ] CVE-2014-1729

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729

[ 26 ] CVE-2014-1730

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730

[ 27 ] CVE-2014-1731

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731

[ 28 ] CVE-2014-1732

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732

[ 29 ] CVE-2014-1733

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733

[ 30 ] CVE-2014-1734

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734

[ 31 ] CVE-2014-1735

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735

[ 32 ] CVE-2014-1740

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740

[ 33 ] CVE-2014-1742

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742

[ 34 ] CVE-2014-1743

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743

[ 35 ] CVE-2014-1744

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744

[ 36 ] CVE-2014-1745

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745

[ 37 ] CVE-2014-1746

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746

[ 38 ] CVE-2014-1747

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747

[ 39 ] CVE-2014-1748

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748

[ 40 ] CVE-2014-1749

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749

[ 41 ] CVE-2014-3154

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154

[ 42 ] CVE-2014-3155

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155

[ 43 ] CVE-2014-3156

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156

[ 44 ] CVE-2014-3157

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157

[ 45 ] CVE-2014-3160

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160

[ 46 ] CVE-2014-3162

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162

[ 47 ] CVE-2014-3165

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165

[ 48 ] CVE-2014-3166

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166

[ 49 ] CVE-2014-3167

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167

[ 50 ] CVE-2014-3168

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168

[ 51 ] CVE-2014-3169

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169

[ 52 ] CVE-2014-3170

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170

[ 53 ] CVE-2014-3171

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171

[ 54 ] CVE-2014-3172

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172

[ 55 ] CVE-2014-3173

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173

[ 56 ] CVE-2014-3174

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174

[ 57 ] CVE-2014-3175

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175

[ 58 ] CVE-2014-3176

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176

[ 59 ] CVE-2014-3177

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-201408-16.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users' machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2014 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×