You are here
Home > Preporuke > Ranjivost v8 javascript mehanizma

Ranjivost v8 javascript mehanizma

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2014-04-02 07:53:15

Name : v8
Product : Fedora 20
Version :
Release : 7.fc20
Summary : JavaScript Engine
Description :
V8 is Google’s open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.

Update Information:

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1704 to the following vulnerability:


Multiple unspecified vulnerabilities in Google V8 before, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Only one vulnerability in this CVE affects v8- in Fedora. This update fixes the vulnerability involving unsigned integer arithmetic.

* Tue Mar 18 2014 T.C. Hollingsworth <> – 1:
– backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704)
* Mon Feb 24 2014 Tomas Hrcka <> – 1:
– Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640)
* Fri Feb 14 2014 T.C. Hollingsworth <> – 1:
– rebuild for icu-52
* Mon Jan 27 2014 T.C. Hollingsworth <> – 1:
– backport fix for enumeration for objects with lots of properties
* Fri Dec 13 2013 T.C. Hollingsworth <> – 1:
– backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)

[ 1 ] Bug #1077136 – CVE-2014-1704 v8: multiple vulnerabilities in v8 fixed in Google Chrome version 33.0.1750.149

This update can be installed with the “yum” update program. Use
su -c ‘yum update v8’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorTomislav Protega
Cert idNCERT-REF-2014-04-0012-ADV
CveCVE-2014-1704 CVE-2013-6640
ID izvornikaFEDORA-2014-4625
More in Preporuke
Sigurnosni propust programskog paketa oath-toolkit

Otkriven je sigurnosni propust u programskom paketu oath-toolkit za Fedoru 20. Propust se nalazio u zakomentiranim linijama (koje započinju znakom...