What Are You Looking For?

Sign Up
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201502-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: February 17, 2015
     Bugs: #537366, #539094
       ID: 201502-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to cause Denial of Service or gain
escalated privileges.

Background
=========
Chromium is an open-source web browser project.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 40.0.2214.111        >= 40.0.2214.111

Description
==========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker may be able to cause a Denial of Service condition,
gain privileges via a filesystem: URI, or have other unspecified
impact.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"

References
=========
[  1 ] CVE-2014-7923
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923
[  2 ] CVE-2014-7924
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924
[  3 ] CVE-2014-7925
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925
[  4 ] CVE-2014-7926
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926
[  5 ] CVE-2014-7927
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927
[  6 ] CVE-2014-7928
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928
[  7 ] CVE-2014-7929
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929
[  8 ] CVE-2014-7930
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930
[  9 ] CVE-2014-7931
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931
[ 10 ] CVE-2014-7932
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932
[ 11 ] CVE-2014-7933
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933
[ 12 ] CVE-2014-7934
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934
[ 13 ] CVE-2014-7935
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935
[ 14 ] CVE-2014-7936
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936
[ 15 ] CVE-2014-7937
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 16 ] CVE-2014-7938
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938
[ 17 ] CVE-2014-7939
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939
[ 18 ] CVE-2014-7940
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940
[ 19 ] CVE-2014-7941
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941
[ 20 ] CVE-2014-7942
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942
[ 21 ] CVE-2014-7943
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943
[ 22 ] CVE-2014-7944
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944
[ 23 ] CVE-2014-7945
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945
[ 24 ] CVE-2014-7946
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946
[ 25 ] CVE-2014-7947
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947
[ 26 ] CVE-2014-7948
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948
[ 27 ] CVE-2014-9646
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646
[ 28 ] CVE-2014-9647
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647
[ 29 ] CVE-2014-9648
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648
[ 30 ] CVE-2015-1205
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205
[ 31 ] CVE-2015-1209
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209
[ 32 ] CVE-2015-1210
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210
[ 33 ] CVE-2015-1211
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211
[ 34 ] CVE-2015-1212
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212
[ 35 ] CVE-2015-1346
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346
[ 36 ] CVE-2015-1359
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359
[ 37 ] CVE-2015-1360
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360
[ 38 ] CVE-2015-1361
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/glsa-201502-13.xml

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-201502-13: Chromium: Multiple vulnerabilities

Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges

Summary

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

Resolution

All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111"

References

[ 1 ] CVE-2014-7923 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923 [ 2 ] CVE-2014-7924 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924 [ 3 ] CVE-2014-7925 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925 [ 4 ] CVE-2014-7926 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926 [ 5 ] CVE-2014-7927 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927 [ 6 ] CVE-2014-7928 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928 [ 7 ] CVE-2014-7929 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929 [ 8 ] CVE-2014-7930 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930 [ 9 ] CVE-2014-7931 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931 [ 10 ] CVE-2014-7932 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932 [ 11 ] CVE-2014-7933 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933 [ 12 ] CVE-2014-7934 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934 [ 13 ] CVE-2014-7935 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935 [ 14 ] CVE-2014-7936 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936 [ 15 ] CVE-2014-7937 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937 [ 16 ] CVE-2014-7938 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938 [ 17 ] CVE-2014-7939 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939 [ 18 ] CVE-2014-7940 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940 [ 19 ] CVE-2014-7941 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941 [ 20 ] CVE-2014-7942 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942 [ 21 ] CVE-2014-7943 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943 [ 22 ] CVE-2014-7944 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944 [ 23 ] CVE-2014-7945 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945 [ 24 ] CVE-2014-7946 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946 [ 25 ] CVE-2014-7947 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947 [ 26 ] CVE-2014-7948 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948 [ 27 ] CVE-2014-9646 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646 [ 28 ] CVE-2014-9647 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647 [ 29 ] CVE-2014-9648 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648 [ 30 ] CVE-2015-1205 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205 [ 31 ] CVE-2015-1209 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209 [ 32 ] CVE-2015-1210 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210 [ 33 ] CVE-2015-1211 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211 [ 34 ] CVE-2015-1212 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212 [ 35 ] CVE-2015-1346 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346 [ 36 ] CVE-2015-1359 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359 [ 37 ] CVE-2015-1360 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360 [ 38 ] CVE-2015-1361 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/glsa-201502-13.xml

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 17, 2015
Bugs: #537366, #539094
ID: 201502-13

Synopsis

Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges.

Background

Chromium is an open-source web browser project.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111

Impact

===== A remote attacker may be able to cause a Denial of Service condition, gain privileges via a filesystem: URI, or have other unspecified impact.

Workaround

There is no known workaround at this time.

Related News

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Nov 8, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo