====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: v8 security update
Advisory ID:       RHSA-2017:0882-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:0882
Issue date:        2017-04-05
CVE Names:         CVE-2016-1669
====================================================================

1. Summary:

An update for v8 is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - x86_64

3. Description:

V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.

Security Fix(es):

* An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335449 - CVE-2016-1669 V8: integer overflow leading to buffer overflow in Zone::New

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
v8-3.14.5.10-19.el7ost.src.rpm

x86_64:
v8-3.14.5.10-19.el7ost.x86_64.rpm
v8-debuginfo-3.14.5.10-19.el7ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1669
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: v8314-v8 security update
Advisory ID:       RHSA-2014:1744-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:1744.html
Issue date:        2014-10-30
CVE Names:         CVE-2013-6639 CVE-2013-6640 CVE-2013-6650 CVE-2013-6668 CVE-2014-1704 CVE-2014-5256
====================================================================

1. Summary:

Updated v8314-v8 packages that fix multiple security issues are now available for Red Hat Software Collections 1.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

V8 is Google's open source JavaScript engine.

It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. (CVE-2014-5256)

Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8. (CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704)

All v8314-v8 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using V8 must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
1059070 - CVE-2013-6650 v8: incorrect handling of popular pages
1074737 - CVE-2013-6668 v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146
1077136 - CVE-2014-1704 v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.149
1125464 - CVE-2014-5256 V8 Memory Corruption and Stack Overflow
1149781 - Several performance and security bug fixes from Fedora

6. Package List:

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):

Source:
v8314-v8-3.14.5.10-6.el6.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el6.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el6.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):

Source:
v8314-v8-3.14.5.10-6.el7.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el7.x86_64.rpm

Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):

Source:
v8314-v8-3.14.5.10-6.el7.src.rpm

x86_64:
v8314-v8-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-debuginfo-3.14.5.10-6.el7.x86_64.rpm
v8314-v8-devel-3.14.5.10-6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-6639
https://access.redhat.com/security/cve/CVE-2013-6640
https://access.redhat.com/security/cve/CVE-2013-6650
https://access.redhat.com/security/cve/CVE-2013-6668
https://access.redhat.com/security/cve/CVE-2014-1704
https://access.redhat.com/security/cve/CVE-2014-5256
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
LinuxSecurity.com Team
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, V8: Multiple vulnerabilities
     Date: March 05, 2014
     Bugs: #486742, #488148, #491128, #491326, #493364, #498168, #499502, #501948, #503372
       ID: 201403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 33.0.1750.146          >= 33.0.1750.146
  2  dev-lang/v8                 < 3.20.17.13             Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
Impact
======

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"

Gentoo has discontinued support for separate V8 package. We recommend that users unmerge V8:

  # emerge --unmerge "dev-lang/v8"

References
==========

[ 1 ] CVE-2013-2906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906 [ 2 ] CVE-2013-2907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907 [ 3 ] CVE-2013-2908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908 [ 4 ] CVE-2013-2909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909 [ 5 ] CVE-2013-2910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910 [ 6 ] CVE-2013-2911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911 [ 7 ] CVE-2013-2912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912 [ 8 ] CVE-2013-2913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913 [ 9 ] CVE-2013-2915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915 [ 10 ] CVE-2013-2916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916 [ 11 ] CVE-2013-2917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917 [ 12 ] CVE-2013-2918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918 [ 13 ] CVE-2013-2919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919 [ 14 ] CVE-2013-2920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920 [ 15 ] CVE-2013-2921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921 [ 16 ] CVE-2013-2922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922 [ 17 ] CVE-2013-2923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923 [ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925 [ 19 ] CVE-2013-2926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926 [ 20 ] CVE-2013-2927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927 [ 21 ] CVE-2013-2928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928 [ 22 ] CVE-2013-2931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931 [ 23 ] CVE-2013-6621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621 [ 24 ] CVE-2013-6622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622 [ 25 ] CVE-2013-6623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623 [ 26 ] CVE-2013-6624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624 [ 27 ] CVE-2013-6625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625 [ 28 ] CVE-2013-6626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626 [ 29 ] CVE-2013-6627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627 [ 30 ] CVE-2013-6628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628 [ 31 ] CVE-2013-6632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632 [ 32 ] CVE-2013-6634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634 [ 33 ] CVE-2013-6635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635 [ 34 ] CVE-2013-6636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636 [ 35 ] CVE-2013-6637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637 [ 36 ] CVE-2013-6638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638 [ 37 ] CVE-2013-6639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639 [ 38 ] CVE-2013-6640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640 [ 39 ] CVE-2013-6641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641 [ 40 ] CVE-2013-6643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643 [ 41 ] CVE-2013-6644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644 [ 42 ] CVE-2013-6645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645 [ 43 ] CVE-2013-6646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646 [ 44 ] CVE-2013-6649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649 [ 45 ] CVE-2013-6650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650 [ 46 ] CVE-2013-6652 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652 [ 47 ] CVE-2013-6653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653 [ 48 ] CVE-2013-6654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654 [ 49 ] CVE-2013-6655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655 [ 50 ] CVE-2013-6656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656 [ 51 ] CVE-2013-6657 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657 [ 52 ] CVE-2013-6658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658 [ 53 ] CVE-2013-6659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659 [ 54 ] CVE-2013-6660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660 [ 55 ] CVE-2013-6661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661 [ 56 ] CVE-2013-6663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663 [ 57 ] CVE-2013-6664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664 [ 58 ] CVE-2013-6665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665 [ 59 ] CVE-2013-6666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666 [ 60 ] CVE-2013-6667 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667 [ 61 ] CVE-2013-6668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668 [ 62 ] CVE-2013-6802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802 [ 63 ] CVE-2014-1681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201403-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, V8: Multiple vulnerabilities
     Date: September 24, 2013
     Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990
       ID: 201309-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 29.0.1457.57            >= 29.0.1457.57
  2  dev-lang/v8                 < 3.18.5.14               >= 3.18.5.14
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

Impact
======

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.

Workaround
==========

There is no known workaround at this time.
Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"

References
==========

[ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 
] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 https://chromereleases.googleblog.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 https://chromereleases.googleblog.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 https://chromereleases.googleblog.com/2012/11/stable-channel-update_29.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201309-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
   openSUSE Security Update: update for chromium, v8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0993-1
Rating:             important
References:         #760264 #770821
Cross-References:   CVE-2011-3084 CVE-2011-3098 CVE-2012-2842 CVE-2012-2843
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   Version upgrade of chromium to address multiple security vulnerabilities.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-516

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.1 (i586 x86_64):

      chromedriver-22.0.1226.0-1.29.1
      chromedriver-debuginfo-22.0.1226.0-1.29.1
      chromium-22.0.1226.0-1.29.1
      chromium-debuginfo-22.0.1226.0-1.29.1
      chromium-debugsource-22.0.1226.0-1.29.1
      chromium-desktop-gnome-22.0.1226.0-1.29.1
      chromium-desktop-kde-22.0.1226.0-1.29.1
      chromium-suid-helper-22.0.1226.0-1.29.1
      chromium-suid-helper-debuginfo-22.0.1226.0-1.29.1
      libv8-3-3.12.19.1-1.33.1
      libv8-3-debuginfo-3.12.19.1-1.33.1
      v8-devel-3.12.19.1-1.33.1
      v8-private-headers-devel-3.12.19.1-1.33.1

References:

   https://www.suse.com/security/cve/CVE-2011-3084.html
   https://www.suse.com/security/cve/CVE-2011-3098.html
   https://www.suse.com/security/cve/CVE-2012-2842.html
   https://www.suse.com/security/cve/CVE-2012-2843.html
   openSUSE Security Update: update for chromium, v8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0656-1
Rating:             important
References:         #762481
Cross-References:   CVE-2011-3083 CVE-2011-3084 CVE-2011-3085 CVE-2011-3086 CVE-2011-3087 CVE-2011-3088 CVE-2011-3089 CVE-2011-3090 CVE-2011-3091 CVE-2011-3092 CVE-2011-3093 CVE-2011-3094 CVE-2011-3095 CVE-2011-3096 CVE-2011-3098 CVE-2011-3100 CVE-2011-3101 CVE-2011-3102
Affected Products:
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   Chromium update to 21.0.1145

   * Fixed several issues around audio not playing with videos
   * Crash Fixes
   * Improvements to trackpad on Cr-48
   * Security Fixes (bnc#762481)
     - CVE-2011-3083: Browser crash with video + FTP
     - CVE-2011-3084: Load links from internal pages in their own process.
     - CVE-2011-3085: UI corruption with long autofilled values
     - CVE-2011-3086: Use-after-free with style element.
     - CVE-2011-3087: Incorrect window navigation
     - CVE-2011-3088: Out-of-bounds read in hairline drawing
     - CVE-2011-3089: Use-after-free in table handling.
     - CVE-2011-3090: Race condition with workers.
     - CVE-2011-3091: Use-after-free with indexed DB
     - CVE-2011-3092: Invalid write in v8 regex
     - CVE-2011-3093: Out-of-bounds read in glyph handling
     - CVE-2011-3094: Out-of-bounds read in Tibetan handling
     - CVE-2011-3095: Out-of-bounds write in OGG container.
     - CVE-2011-3096: Use-after-free in GTK omnibox handling.
     - CVE-2011-3098: Bad search path for Windows Media Player plug-in
     - CVE-2011-3100: Out-of-bounds read drawing dash paths.
     - CVE-2011-3101: Work around Linux Nvidia driver bug
     - CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-295 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): chromium-21.0.1145.0-1.23.1 chromium-debuginfo-21.0.1145.0-1.23.1 chromium-debugsource-21.0.1145.0-1.23.1 chromium-desktop-gnome-21.0.1145.0-1.23.1 chromium-desktop-kde-21.0.1145.0-1.23.1 chromium-suid-helper-21.0.1145.0-1.23.1 chromium-suid-helper-debuginfo-21.0.1145.0-1.23.1 libv8-3-3.11.3.0-1.27.1 libv8-3-debuginfo-3.11.3.0-1.27.1 v8-debugsource-3.11.3.0-1.27.1 v8-devel-3.11.3.0-1.27.1 v8-private-headers-devel-3.11.3.0-1.27.1 References: https://www.suse.com/security/cve/CVE-2011-3083.html https://www.suse.com/security/cve/CVE-2011-3084.html https://www.suse.com/security/cve/CVE-2011-3085.html https://www.suse.com/security/cve/CVE-2011-3086.html https://www.suse.com/security/cve/CVE-2011-3087.html https://www.suse.com/security/cve/CVE-2011-3088.html https://www.suse.com/security/cve/CVE-2011-3089.html https://www.suse.com/security/cve/CVE-2011-3090.html https://www.suse.com/security/cve/CVE-2011-3091.html https://www.suse.com/security/cve/CVE-2011-3092.html https://www.suse.com/security/cve/CVE-2011-3093.html https://www.suse.com/security/cve/CVE-2011-3094.html https://www.suse.com/security/cve/CVE-2011-3095.html https://www.suse.com/security/cve/CVE-2011-3096.html https://www.suse.com/security/cve/CVE-2011-3098.html https://www.suse.com/security/cve/CVE-2011-3100.html https://www.suse.com/security/cve/CVE-2011-3101.html https://www.suse.com/security/cve/CVE-2011-3102.html . Essential enhancements are available for chromium and v8 on openSUSE, addressing various security flaws to bolster protection.. openSUSE updates, chromium security, v8 vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201205-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, V8: Multiple vulnerabilities
     Date: May 27, 2012
     Bugs: #417321
       ID: 201205-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
=========

Chromium is an open source web browser project. V8 is Google’s open
source JavaScript engine.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 19.0.1084.52           >= 19.0.1084.52
  2  dev-lang/v8              < 3.9.24.28              >= 3.9.24.28
    -------------------------------------------------------------------
     2 affected packages

Description
==========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
=====

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-19.0.1084.52"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.28"

References
=========

[ 1 ] CVE-2011-3103
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3103
[ 2 ] CVE-2011-3104
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3104
[ 3 ] CVE-2011-3105
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3105
[ 4 ] CVE-2011-3106
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3106
[ 5 ] CVE-2011-3107
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3107
[ 6 ] CVE-2011-3108
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3108
[ 7 ] CVE-2011-3109
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3109
[ 8 ] CVE-2011-3111
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3111
[ 9 ] CVE-2011-3115
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3115
[ 10 ] Release Notes 19.0.1084.52
       https://chromereleases.googleblog.com/2012/05/stable-channel-update_23.html

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201205-04

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201205-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, V8: Multiple vulnerabilities
     Date: May 21, 2012
     Bugs: #416119
       ID: 201205-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
=========

Chromium is an open source web browser project. V8 is Google’s open
source JavaScript engine.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 19.0.1084.46           >= 19.0.1084.46
  2  dev-lang/v8              < 3.9.24.21              >= 3.9.24.21
    -------------------------------------------------------------------
     2 affected packages

Description
==========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
=====

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process, or a Denial of Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-19.0.1084.46"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.21"

References
=========

[ 1 ] CVE-2011-3083
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083
[ 2 ] CVE-2011-3084
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084
[ 3 ] CVE-2011-3085
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085
[ 4 ] CVE-2011-3086
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
[ 5 ] CVE-2011-3087
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087
[ 6 ] CVE-2011-3088
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088
[ 7 ] CVE-2011-3089
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
[ 8 ] CVE-2011-3090
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090
[ 9 ] CVE-2011-3091
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091
[ 10 ] CVE-2011-3092
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092
[ 11 ] CVE-2011-3093
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093
[ 12 ] CVE-2011-3094
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094
[ 13 ] CVE-2011-3095
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095
[ 14 ] CVE-2011-3096
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3096
[ 15 ] CVE-2011-3100
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100
[ 16 ] CVE-2011-3101
       http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101
[ 17 ] Release Notes 19.0.1084.46
       https://chromereleases.googleblog.com/2012/05/stable-channel-update.html

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201205-03

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to