Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201403-01 ] Chromium, V8: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1571

PostPosted: Wed Mar 05, 2014 11:26 am    Post subject: [ GLSA 201403-01 ] Chromium, V8: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Chromium, V8: Multiple vulnerabilities (GLSA 201403-01)
Severity: normal
Exploitable: remote
Date: March 05, 2014
Bug(s): #486742, #488148, #491128, #491326, #493364, #498168, #499502, #501948, #503372
ID: 201403-01

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8,
worst of which may allow execution of arbitrary code.


Background

Chromium is an open-source web browser project. V8 is Google’s open
source JavaScript engine.


Affected Packages

Package: www-client/chromium
Vulnerable: < 33.0.1750.146
Unaffected: >= 33.0.1750.146
Architectures: All supported architectures

Package: dev-lang/v8
Vulnerable: < 3.20.17.13
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Chromium and V8. Please
review the CVE identifiers and release notes referenced below for
details.


Impact

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote attacker
may be able to bypass security restrictions or have other unspecified
impact.


Workaround

There is no known workaround at this time.

Resolution

All chromium users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=www-client/chromium-33.0.1750.146"
   
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
Code:
# emerge --unmerge "dev-lang/v8"
   


References

CVE-2013-2906
CVE-2013-2907
CVE-2013-2908
CVE-2013-2909
CVE-2013-2910
CVE-2013-2911
CVE-2013-2912
CVE-2013-2913
CVE-2013-2915
CVE-2013-2916
CVE-2013-2917
CVE-2013-2918
CVE-2013-2919
CVE-2013-2920
CVE-2013-2921
CVE-2013-2922
CVE-2013-2923
CVE-2013-2925
CVE-2013-2926
CVE-2013-2927
CVE-2013-2928
CVE-2013-2931
CVE-2013-6621
CVE-2013-6622
CVE-2013-6623
CVE-2013-6624
CVE-2013-6625
CVE-2013-6626
CVE-2013-6627
CVE-2013-6628
CVE-2013-6632
CVE-2013-6634
CVE-2013-6635
CVE-2013-6636
CVE-2013-6637
CVE-2013-6638
CVE-2013-6639
CVE-2013-6640
CVE-2013-6641
CVE-2013-6643
CVE-2013-6644
CVE-2013-6645
CVE-2013-6646
CVE-2013-6649
CVE-2013-6650
CVE-2013-6652
CVE-2013-6653
CVE-2013-6654
CVE-2013-6655
CVE-2013-6656
CVE-2013-6657
CVE-2013-6658
CVE-2013-6659
CVE-2013-6660
CVE-2013-6661
CVE-2013-6663
CVE-2013-6664
CVE-2013-6665
CVE-2013-6666
CVE-2013-6667
CVE-2013-6668
CVE-2013-6802
CVE-2014-1681
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum