Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201309-16 ] Chromium, V8: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1558

PostPosted: Wed Sep 25, 2013 2:26 am    Post subject: [ GLSA 201309-16 ] Chromium, V8: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Chromium, V8: Multiple vulnerabilities (GLSA 201309-16)
Severity: high
Exploitable: remote
Date: September 24, 2013
Updated: September 25, 2013
Bug(s): #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990
ID: 201309-16

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8,
some of which may allow execution of arbitrary code.


Background

Chromium is an open-source web browser project. V8 is Google’s open
source JavaScript engine.


Affected Packages

Package: www-client/chromium
Vulnerable: < 29.0.1457.57
Unaffected: >= 29.0.1457.57
Architectures: All supported architectures

Package: dev-lang/v8
Vulnerable: < 3.18.5.14
Unaffected: >= 3.18.5.14
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.


Impact

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote attacker
may be able to bypass security restrictions or have other, unspecified,
impact.


Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/chromium-29.0.1457.57"
   
All V8 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
   


References

CVE-2012-5116
CVE-2012-5117
CVE-2012-5118
CVE-2012-5120
CVE-2012-5121
CVE-2012-5122
CVE-2012-5123
CVE-2012-5124
CVE-2012-5125
CVE-2012-5126
CVE-2012-5127
CVE-2012-5128
CVE-2012-5130
CVE-2012-5132
CVE-2012-5133
CVE-2012-5135
CVE-2012-5136
CVE-2012-5137
CVE-2012-5138
CVE-2012-5139
CVE-2012-5140
CVE-2012-5141
CVE-2012-5142
CVE-2012-5143
CVE-2012-5144
CVE-2012-5145
CVE-2012-5146
CVE-2012-5147
CVE-2012-5148
CVE-2012-5149
CVE-2012-5150
CVE-2012-5151
CVE-2012-5152
CVE-2012-5153
CVE-2012-5154
CVE-2013-0828
CVE-2013-0829
CVE-2013-0830
CVE-2013-0831
CVE-2013-0832
CVE-2013-0833
CVE-2013-0834
CVE-2013-0835
CVE-2013-0836
CVE-2013-0837
CVE-2013-0838
CVE-2013-0839
CVE-2013-0840
CVE-2013-0841
CVE-2013-0842
CVE-2013-0879
CVE-2013-0880
CVE-2013-0881
CVE-2013-0882
CVE-2013-0883
CVE-2013-0884
CVE-2013-0885
CVE-2013-0887
CVE-2013-0888
CVE-2013-0889
CVE-2013-0890
CVE-2013-0891
CVE-2013-0892
CVE-2013-0893
CVE-2013-0894
CVE-2013-0895
CVE-2013-0896
CVE-2013-0897
CVE-2013-0898
CVE-2013-0899
CVE-2013-0900
CVE-2013-0902
CVE-2013-0903
CVE-2013-0904
CVE-2013-0905
CVE-2013-0906
CVE-2013-0907
CVE-2013-0908
CVE-2013-0909
CVE-2013-0910
CVE-2013-0911
CVE-2013-0912
CVE-2013-0916
CVE-2013-0917
CVE-2013-0918
CVE-2013-0919
CVE-2013-0920
CVE-2013-0921
CVE-2013-0922
CVE-2013-0923
CVE-2013-0924
CVE-2013-0925
CVE-2013-0926
CVE-2013-2836
CVE-2013-2837
CVE-2013-2838
CVE-2013-2839
CVE-2013-2840
CVE-2013-2841
CVE-2013-2842
CVE-2013-2843
CVE-2013-2844
CVE-2013-2845
CVE-2013-2846
CVE-2013-2847
CVE-2013-2848
CVE-2013-2849
CVE-2013-2853
CVE-2013-2855
CVE-2013-2856
CVE-2013-2857
CVE-2013-2858
CVE-2013-2859
CVE-2013-2860
CVE-2013-2861
CVE-2013-2862
CVE-2013-2863
CVE-2013-2865
CVE-2013-2867
CVE-2013-2868
CVE-2013-2869
CVE-2013-2870
CVE-2013-2871
CVE-2013-2874
CVE-2013-2875
CVE-2013-2876
CVE-2013-2877
CVE-2013-2878
CVE-2013-2879
CVE-2013-2880
CVE-2013-2881
CVE-2013-2882
CVE-2013-2883
CVE-2013-2884
CVE-2013-2885
CVE-2013-2886
CVE-2013-2887
CVE-2013-2900
CVE-2013-2901
CVE-2013-2902
CVE-2013-2903
CVE-2013-2904
CVE-2013-2905

Release Notes 23.0.1271.64


Release Notes 23.0.1271.91


Release Notes 23.0.1271.95


Last edited by GLSA on Thu Sep 26, 2013 4:32 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum