- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, V8: Multiple vulnerabilities
     Date: March 05, 2014
     Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
           #499502, #501948, #503372
       ID: 201403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.

Background
=========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 33.0.1750.146        >= 33.0.1750.146 
  2  dev-lang/v8                < 3.20.17.13               Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages

Description
==========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
=====
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"

Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:

  # emerge --unmerge "dev-lang/v8"

References
=========
[  1 ] CVE-2013-2906
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[  2 ] CVE-2013-2907
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[  3 ] CVE-2013-2908
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[  4 ] CVE-2013-2909
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[  5 ] CVE-2013-2910
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[  6 ] CVE-2013-2911
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[  7 ] CVE-2013-2912
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[  8 ] CVE-2013-2913
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[  9 ] CVE-2013-2915
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201403-01

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201403-01: Chromium, V8: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code.

Summary

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

Resolution

All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"
Gentoo has discontinued support for separate V8 package. We recommend that users unmerge V8:
# emerge --unmerge "dev-lang/v8"

References

[ 1 ] CVE-2013-2906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906 [ 2 ] CVE-2013-2907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907 [ 3 ] CVE-2013-2908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908 [ 4 ] CVE-2013-2909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909 [ 5 ] CVE-2013-2910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910 [ 6 ] CVE-2013-2911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911 [ 7 ] CVE-2013-2912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912 [ 8 ] CVE-2013-2913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913 [ 9 ] CVE-2013-2915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915 [ 10 ] CVE-2013-2916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916 [ 11 ] CVE-2013-2917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917 [ 12 ] CVE-2013-2918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918 [ 13 ] CVE-2013-2919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919 [ 14 ] CVE-2013-2920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920 [ 15 ] CVE-2013-2921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921 [ 16 ] CVE-2013-2922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922 [ 17 ] CVE-2013-2923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923 [ 18 ] CVE-2013-2925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925 [ 19 ] CVE-2013-2926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926 [ 20 ] CVE-2013-2927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927 [ 21 ] CVE-2013-2928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928 [ 22 ] CVE-2013-2931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931 [ 23 ] CVE-2013-6621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621 [ 24 ] CVE-2013-6622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622 [ 25 ] CVE-2013-6623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623 [ 26 ] CVE-2013-6624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624 [ 27 ] CVE-2013-6625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625 [ 28 ] CVE-2013-6626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626 [ 29 ] CVE-2013-6627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627 [ 30 ] CVE-2013-6628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628 [ 31 ] CVE-2013-6632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632 [ 32 ] CVE-2013-6634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634 [ 33 ] CVE-2013-6635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635 [ 34 ] CVE-2013-6636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636 [ 35 ] CVE-2013-6637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637 [ 36 ] CVE-2013-6638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638 [ 37 ] CVE-2013-6639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639 [ 38 ] CVE-2013-6640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640 [ 39 ] CVE-2013-6641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641 [ 40 ] CVE-2013-6643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643 [ 41 ] CVE-2013-6644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644 [ 42 ] CVE-2013-6645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645 [ 43 ] CVE-2013-6646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646 [ 44 ] CVE-2013-6649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649 [ 45 ] CVE-2013-6650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650 [ 46 ] CVE-2013-6652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652 [ 47 ] CVE-2013-6653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653 [ 48 ] CVE-2013-6654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654 [ 49 ] CVE-2013-6655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655 [ 50 ] CVE-2013-6656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656 [ 51 ] CVE-2013-6657 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657 [ 52 ] CVE-2013-6658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658 [ 53 ] CVE-2013-6659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659 [ 54 ] CVE-2013-6660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660 [ 55 ] CVE-2013-6661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661 [ 56 ] CVE-2013-6663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663 [ 57 ] CVE-2013-6664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664 [ 58 ] CVE-2013-6665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665 [ 59 ] CVE-2013-6666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666 [ 60 ] CVE-2013-6667 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667 [ 61 ] CVE-2013-6668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668 [ 62 ] CVE-2013-6802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802 [ 63 ] CVE-2014-1681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201403-01

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
ID: 201403-01

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code.

Background

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 33.0.1750.146 >= 33.0.1750.146 2 dev-lang/v8 < 3.20.17.13 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 2 affected packages

Impact

===== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved