
Multiple vulnerabilities in the chromium software package

  • OS details: LGE
  • Severity: IMP
  • Operating systems: L
  • Categories: LGE

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, the
worst of which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google’s open
source JavaScript engine.

Affected packages
=================

-------------------------------------------------------------------
     Package              /    Vulnerable    /         Unaffected
-------------------------------------------------------------------
  1  www-client/chromium     < 33.0.1750.146     >= 33.0.1750.146
  2  dev-lang/v8             < 3.20.17.13        Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
      to another package if one is available or wait for the
      existing packages to be marked stable by their
      architecture maintainers.
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"

Gentoo has discontinued support for the separate V8 package. We recommend
that users unmerge V8:

# emerge --unmerge "dev-lang/v8"
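
The check implied by the Affected packages table and the Resolution steps, as an added example that is not part of the Gentoo advisory. The function names ver_lt and glsa_status and the sample atoms are assumptions made for illustration; the version thresholds come from the table above.

```shell
#!/bin/sh
# Added example: check package atoms against GLSA 201403-01 thresholds.
# Atoms use the category/name-version form of /var/db/pkg directory names.
# Assumes dotted numeric versions with an optional -rN revision suffix.

FIXED_CHROMIUM="33.0.1750.146"  # first unaffected www-client/chromium
V8_LISTED="3.20.17.13"          # dev-lang/v8 below this is listed vulnerable

# ver_lt A B: succeed when version A is strictly lower than B, comparing
# each dotted field as a number (so 99 < 146, unlike a string comparison).
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# glsa_status ATOM: print the verdict and the advisory's action for ATOM.
glsa_status() {
    atom=$1
    case $atom in
        www-client/chromium-[0-9]*) v=${atom#www-client/chromium-} ;;
        dev-lang/v8-[0-9]*)         v=${atom#dev-lang/v8-} ;;
        *) echo "not covered"; return 0 ;;
    esac
    v=${v%-r[0-9]*}                       # drop a Gentoo revision suffix
    case $v in *[!0-9.]*) echo "unknown version"; return 0 ;; esac
    case $atom in
        www-client/*)
            if ver_lt "$v" "$FIXED_CHROMIUM"; then echo "vulnerable: upgrade"
            else echo "unaffected"; fi ;;
        dev-lang/*)
            # No unaffected v8 version is listed; the advice is to unmerge.
            if ver_lt "$v" "$V8_LISTED"; then echo "vulnerable: unmerge"
            else echo "unsupported: unmerge"; fi ;;
    esac
}

# Constructed sample inventory, not taken from a real host.
for atom in www-client/chromium-33.0.1750.99 www-client/chromium-33.0.1750.146 \
            dev-lang/v8-3.19.18.19 app-editors/vim-7.4.273; do
    printf '%s\t%s\n' "$atom" "$(glsa_status "$atom")"
done
```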

References
==========

[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201403-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-03-0016-ADV
CVE: CVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2888
Source ID: GLSA 201403-01
Product: Chromium, V8
Source: http://www.gentoo.org