- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: August 30, 2014
     Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
           #512944, #517304, #519788, #521276
       ID: 201408-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.

Background
=========
Chromium is an open-source web browser project.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 37.0.2062.94         >= 37.0.2062.94

Description
==========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could conduct a number of attacks which include:
cross site scripting attacks, bypassing of sandbox protection,
potential execution of arbitrary code with the privileges of the
process, or cause a Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"

References
=========
[  1 ] CVE-2014-1741
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[  2 ] CVE-2014-0538
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[  3 ] CVE-2014-1700
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[  4 ] CVE-2014-1701
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[  5 ] CVE-2014-1702
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[  6 ] CVE-2014-1703
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[  7 ] CVE-2014-1704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[  8 ] CVE-2014-1705
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[  9 ] CVE-2014-1713
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201408-16

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201408-16: Chromium: Multiple vulnerabilities

Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

Resolution

All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"

References

[ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201408-16

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
ID: 201408-16

Synopsis

Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.

Background

Chromium is an open-source web browser project.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94

Impact

===== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved