Arch Linux: Urgent ASA-202304-1 Reveals Firefox Remote Code Execution Flaw
Apr 02, 2015
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package chromium before version 41.0.2272.118-1 is vulnerable to remote code execution.
Arch Linux Security Advisory ASA-201504-2 ======================================== Severity: Critical Date : 2015-04-02 CVE-ID : CVE-2015-1233 CVE-2015-1234 Package : chromium Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 41.0.2272.118-1 is vulnerable to remote code execution. Resolution ========= Upgrade to 41.0.2272.118-1. # pacman -Syu "chromium>=41.0.2272.118-1" The problem has been fixed upstream in version 41.0.2272.118. Workaround ========= None. Description ========== - CVE-2015-1233 (remote code execution): A combination of V8, Gamepad and IPC bugs can lead to remote code execution outside of the sandbox. - CVE-2015-1234 (buffer overflow): Buffer overflow via a race condition in GPU. Impact ===== A remote attacker can execute arbitrary code on a vulnerable host, bypassing the sandboxing protection. References ========= https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1233 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1234 https://chromereleases.googleblog.com/2015/04/stable-channel-update.html https://codereview.chromium.org/1016193003
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!