Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Fedora 20: 2015-6908 Moderate: V8 ARM Fix for CVE-2014-3152

fedora
Calendar Grey May 8, 2015
Dist Fedora Esm H88
Tackling ARM-related challenges in V8 for Fedora 20, specifically CVE-2014-3152, to bolster platform security.
Fix for ARM-only CVE-2014-3152

Summary

V8 is Google's open source JavaScript engine. V8 is written in C++ and is used

in Google Chrome, the open source browser from Google. V8 implements ECMAScript

as specified in ECMA-262, 3rd edition.

Update Information:

Fix for ARM-only CVE-2014-3152

Topics%20covered

Topics Covered

security advisory security issue Fedora JavaScript engine ARM fix

Change Log

* Thu Apr 23 2015 Tom Callaway - 1:3.14.5.10-18 - backport security fix for ARM - CVE-2014-3152 * Thu Feb 19 2015 T.C. Hollingsworth - 1:3.14.5.10-17 - backports for nodejs 0.10.36 * Mon Jan 26 2015 David Tardon - 1:3.14.5.10-16 - rebuild for ICU 54.1 * Tue Dec 2 2014 Tom Callaway - 1:3.14.5.10-15 - use system valgrind header (bz1141483) * Wed Sep 17 2014 T.C. Hollingsworth - 1:3.14.5.10-14 - backport bugfix that eliminates unused-local-typedefs warning - backport security fix: Fix Hydrogen bounds check elimination (CVE-2013-6668; RHBZ#1086120) - backport fix to segfault caused by the above patch * Tue Aug 26 2014 David Tardon - 1:3.14.5.10-13 - rebuild for ICU 53.1 * Mon Aug 18 2014 Fedora Release Engineering - 1:3.14.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 31 2014 T.C. Hollingsworth - 1:3.14.5.10-11 - backport security fix for memory corruption and stack overflow (RHBZ#1125464) https://groups.google.com/g/nodejs/c/-siJEObdp10/m/2xcqqmTHiEMJ - backport bug fix for x64 MathMinMax for negative untagged int32 arguments. https://github.com/nodejs/node-v0.x-archive/commit/3530fa9cd09f8db8101c4649cab03bcdf760c434 * Thu Jun 19 2014 T.C. Hollingsworth - 1:3.14.5.10-10 - fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528) * Sun Jun 8 2014 Fedora Release Engineering - 1:3.14.5.10-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 3 2014 T.C. Hollingsworth - 1:3.14.5.10-8 - use clock_gettime() instead of gettimeofday(), which increases V8 performance dramatically on virtual machines * Tue Mar 18 2014 T.C. Hollingsworth - 1:3.14.5.10-7 - backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704) * Mon Feb 24 2014 Tomas Hrcka - 1:3.14.5.10-6 - Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640) * Fri Feb 14 2014 T.C. Hollingsworth - 1:3.14.5.10-5 - rebuild for icu-52 * Mon Jan 27 2014 T.C. Hollingsworth - 1:3.14.5.10-4 - backport fix for enumeration for objects with lots of properties * Fri Dec 13 2013 T.C. Hollingsworth - 1:3.14.5.10-3 - backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)

References


[ 1 ] Bug #1101056 - CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114 https://bugzilla.redhat.com/show_bug.cgi?id=1101056

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update v8' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: v8
Product: Fedora 20
Version: 3.14.5.10
Release: 18.fc20
URL: https://issues.chromium.org/issues
Summary: JavaScript Engine

Topics%20covered

Topics Covered

security advisory security issue Fedora JavaScript engine ARM fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here