Gentoo: GLSA-201408-16: Chromium: Multiple vulnerabilities

    Date 29 Aug 2014
    Posted By LinuxSecurity Advisories
    Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 201408-16
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
     Severity: Normal
        Title: Chromium: Multiple vulnerabilities
         Date: August 30, 2014
         Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
               #512944, #517304, #519788, #521276
           ID: 201408-16
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Multiple vulnerabilities have been found in Chromium, the worst of
    which can allow remote attackers to execute arbitrary code.
    
    Background
    ==========
    
    Chromium is an open-source web browser project.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package              /     Vulnerable     /            Unaffected
        -------------------------------------------------------------------
      1  www-client/chromium       < 37.0.2062.94         >= 37.0.2062.94
    
    Description
    ===========
    
    Multiple vulnerabilities have been discovered in Chromium. Please
    review the CVE identifiers referenced below for details.
    
    Impact
    ======
    
    A remote attacker could conduct a number of attacks which include:
    cross site scripting attacks, bypassing of sandbox protection,
    potential execution of arbitrary code with the privileges of the
    process, or cause a Denial of Service condition.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All chromium users should upgrade to the latest version:
    
      # emerge --sync
      # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
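To confirm the upgrade took effect, the following added example (not part of the Gentoo advisory) classifies versioned `www-client/chromium` atoms against the fixed version from the "Affected packages" table using a numeric, component-wise comparison. The function names and the sample atoms are constructed for illustration; on a Gentoo host the atoms would typically come from a tool such as `qlist -Iv www-client/chromium` (portage-utils).

```shell
#!/bin/sh
# Added example: compare installed chromium atoms with the advisory's fix.
FIXED="37.0.2062.94"   # "Unaffected" bound from the advisory table

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Components are compared as integers; missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# classify ATOM: print vulnerable / unaffected for a versioned atom such as
# www-client/chromium-36.0.1985.143 or www-client/chromium-37.0.2062.94-r1.
classify() {
    v=${1#www-client/chromium-}
    case $v in
        "$1") echo "not-chromium"; return 2 ;;   # prefix did not match
    esac
    v=${v%-r[0-9]*}                              # drop Gentoo revision (-rN)
    case $v in
        *[!0-9.]*|"") echo "unparsed"; return 2 ;;
    esac
    if version_lt "$v" "$FIXED"; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Constructed sample atoms (not taken from a real system).
for atom in \
    www-client/chromium-36.0.1985.143 \
    www-client/chromium-37.0.2062.94-r1 \
    www-client/chromium-100.0.1.1
do
    printf '%-40s %s\n' "$atom" "$(classify "$atom")"
done
```

The last sample shows why the comparison must be numeric: a plain string comparison would rank `100.0.1.1` below `37.0.2062.94`.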
    
    References
    ==========
    
    [  1 ] CVE-2014-1741
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
    [  2 ] CVE-2014-0538
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
    [  3 ] CVE-2014-1700
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
    [  4 ] CVE-2014-1701
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
    [  5 ] CVE-2014-1702
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
    [  6 ] CVE-2014-1703
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
    [  7 ] CVE-2014-1704
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
    [  8 ] CVE-2014-1705
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
    [  9 ] CVE-2014-1713
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
    [ 10 ] CVE-2014-1714
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
    [ 11 ] CVE-2014-1715
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
    [ 12 ] CVE-2014-1716
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
    [ 13 ] CVE-2014-1717
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
    [ 14 ] CVE-2014-1718
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
    [ 15 ] CVE-2014-1719
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
    [ 16 ] CVE-2014-1720
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
    [ 17 ] CVE-2014-1721
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
    [ 18 ] CVE-2014-1722
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
    [ 19 ] CVE-2014-1723
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
    [ 20 ] CVE-2014-1724
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
    [ 21 ] CVE-2014-1725
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
    [ 22 ] CVE-2014-1726
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
    [ 23 ] CVE-2014-1727
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
    [ 24 ] CVE-2014-1728
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
    [ 25 ] CVE-2014-1729
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
    [ 26 ] CVE-2014-1730
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
    [ 27 ] CVE-2014-1731
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
    [ 28 ] CVE-2014-1732
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
    [ 29 ] CVE-2014-1733
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
    [ 30 ] CVE-2014-1734
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
    [ 31 ] CVE-2014-1735
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
    [ 32 ] CVE-2014-1740
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
    [ 33 ] CVE-2014-1742
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
    [ 34 ] CVE-2014-1743
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
    [ 35 ] CVE-2014-1744
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
    [ 36 ] CVE-2014-1745
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
    [ 37 ] CVE-2014-1746
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
    [ 38 ] CVE-2014-1747
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
    [ 39 ] CVE-2014-1748
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
    [ 40 ] CVE-2014-1749
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
    [ 41 ] CVE-2014-3154
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
    [ 42 ] CVE-2014-3155
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
    [ 43 ] CVE-2014-3156
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
    [ 44 ] CVE-2014-3157
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
    [ 45 ] CVE-2014-3160
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
    [ 46 ] CVE-2014-3162
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
    [ 47 ] CVE-2014-3165
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
    [ 48 ] CVE-2014-3166
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
    [ 49 ] CVE-2014-3167
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
    [ 50 ] CVE-2014-3168
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
    [ 51 ] CVE-2014-3169
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
    [ 52 ] CVE-2014-3170
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
    [ 53 ] CVE-2014-3171
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
    [ 54 ] CVE-2014-3172
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
    [ 55 ] CVE-2014-3173
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
    [ 56 ] CVE-2014-3174
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
    [ 57 ] CVE-2014-3175
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
    [ 58 ] CVE-2014-3176
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
    [ 59 ] CVE-2014-3177
           https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
     https://security.gentoo.org/glsa/glsa-201408-16.xml
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    [e-mail address not shown] or alternatively, you may file a bug at
    https://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2014 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    https://creativecommons.org/licenses/by-sa/2.5
    
    
