Arch Linux Security Advisory ASA-201411-26
=========================================
Severity: High
Date    : 2014-11-20
CVE-ID  : CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902
          CVE-2014-7903 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907
          CVE-2014-7908 CVE-2014-7909 CVE-2014-7910
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package chromium before version 39.0.2171.65-1 is vulnerable to
multiple issues including but not limited to address bar spoofing and
denial of service.

Resolution
=========
Upgrade to 39.0.2171.65-1.

# pacman -Syu "chromium>=39.0.2171.65-1"

The problems have been fixed upstream in version 39.0.2171.65.

Workaround
=========
None.

Description
==========
- CVE-2014-7899 (address bar spoofing)
A flaw allows remote attackers to spoof the address bar by placing a
blob: substring at the beginning of the URL, followed by the original
URI scheme and a long username string.

- CVE-2014-7900 (use-after-free)
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile
function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted PDF document.

- CVE-2014-7901 (integer overflow)
Integer overflow in the opj_t2_read_packet_data function in
fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a long segment in a JPEG image.

- CVE-2014-7902 (use-after-free)
Use-after-free vulnerability in PDFium allows remote attackers to cause
a denial of service or possibly have unspecified other impact via a
crafted PDF document.

- CVE-2014-7903 (buffer overflow)
Buffer overflow in OpenJPEG before r2911 in PDFium allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted JPEG image.

- CVE-2014-7904 (buffer overflow)
Buffer overflow in Skia allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.

- CVE-2014-7906 (use-after-free)
Use-after-free vulnerability in the Pepper plugins allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via crafted Flash content that triggers an attempted
PepperMediaDeviceManager access outside of the object's lifetime.

- CVE-2014-7907 (use-after-free)
Multiple use-after-free vulnerabilities in
modules/screen_orientation/ScreenOrientationController.cpp in Blink
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger improper handling of a
detached frame, related to the (1) lock and (2) unlock methods.

- CVE-2014-7908 (integer overflow)
Multiple integer overflows in the CheckMov function in
media/base/container_names.cc allow remote attackers to cause a denial
of service or possibly have unspecified other impact via a large atom in
(1) MPEG-4 or (2) QuickTime .mov data.

- CVE-2014-7909 (uninitialized memory read)
A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using
uninitialized integer values, which might allow remote attackers to
cause a denial of service by rendering crafted data.

- CVE-2014-7910 (various issues)
Various issues from internal audits, fuzzing and other initiatives that
allow attackers to cause a denial of service or possibly have other impact.

Impact
=====
A remote attacker is be able to spoof the address bar, cause a denial of
service or possibly have unspecified other impacts.

References
=========
[0]
https://chromereleases.googleblog.com/2014/11/stable-channel-update_18.html

ArchLinux: 201411-26: chromium: multiple issues

November 21, 2014

Summary

- CVE-2014-7899 (address bar spoofing) A flaw allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. - CVE-2014-7900 (use-after-free) Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
- CVE-2014-7901 (integer overflow) Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.
- CVE-2014-7902 (use-after-free) Use-after-free vulnerability in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
- CVE-2014-7903 (buffer overflow) Buffer overflow in OpenJPEG before r2911 in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.
- CVE-2014-7904 (buffer overflow) Buffer overflow in Skia allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2014-7906 (use-after-free) Use-after-free vulnerability in the Pepper plugins allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.
- CVE-2014-7907 (use-after-free) Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.
- CVE-2014-7908 (integer overflow) Multiple integer overflows in the CheckMov function in media/base/container_names.cc allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.
- CVE-2014-7909 (uninitialized memory read) A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.
- CVE-2014-7910 (various issues) Various issues from internal audits, fuzzing and other initiatives that allow attackers to cause a denial of service or possibly have other impact.

Resolution

Upgrade to 39.0.2171.65-1. # pacman -Syu "chromium>=39.0.2171.65-1"
The problems have been fixed upstream in version 39.0.2171.65.

References

[0] https://chromereleases.googleblog.com/2014/11/stable-channel-update_18.html

Severity
CVE-2014-7903 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907
CVE-2014-7908 CVE-2014-7909 CVE-2014-7910
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE-2014

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved