1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2920-1] chromium-browser security update

    From Michael Gilbert@1:229/2 to All on Sat May 3 23:50:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2920-1 [email protected] http://www.debian.org/security/ Michael Gilbert
    May 03, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733
    CVE-2014-1734 CVE-2014-1735 CVE-2014-1736

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2014-1730

    A type confusion issue was discovered in the v8 javascript library.

    CVE-2014-1731

    John Butler discovered a type confusion issue in the WebKit/Blink
    document object model implementation.

    CVE-2014-1732

    Khalil Zhani discovered a use-after-free issue in the speech
    recognition feature.

    CVE-2014-1733

    Jed Davis discovered a way to bypass the seccomp-bpf sandbox.

    CVE-2014-1734

    The Google Chrome development team discovered and fixed multiple
    issues with potential security impact.

    CVE-2014-1735

    The Google Chrome development team discovered and fixed multiple
    issues in version 3.24.35.33 of the v8 javascript library.

    CVE-2014-1736

    SkyLined discovered an integer overlflow issue in the v8 javascript
    library.

    For the stable distribution (wheezy), these problems have been fixed in
    version 34.0.1847.132-1~deb7u1.

    For the testing distribution (jessie), these problems will be fixed soon.

    For the unstable distribution (sid), these problems have been fixed in
    version 34.0.1847.132-1.

    We recommend that you upgrade your chromium-browser packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQQcBAEBCgAGBQJTZWJ6AAoJELjWss0C1vRzK+sgALIEDCn9Ud3owKNxdM6sglkB /yx9toTplWx2reGXn4qyfNPtxQMbS9AyIhcLEKMbIIrXaEY9CjB+JhfP6IC0RPCJ NLPd21uDo63LhiCkgtbNgftPcDK6NwaPy67Uui64zI/MkB6me4C3ECZB2nxmjNAO 0OJQMDQv217ei1w8QCIofouUbJU4Vq56mxpX7tEVUPJkgA6FE4aUNcrxKcKhdnxU WtUW49d1Q+6RcJjthugyWppzb9N+0ClxNpRADzMa5jgaiQxEBuRJewipiJhTQg5l XTB2o6V8G/+NWEqTJPe7t+QKwERE9yUp4pyiwMolttJffKm7ipgbDdIHTan/LYfu A5CQFT7cre7l4r90YtgAo/da/kwDs6whTAoiFb6hxhLLgarpsO5WjMFrCeGHZek1 weOMO6VbhLDaHJHKQOnIy2shhG850OX4twLznOnqZ2x3XcurhqjZEg8XaiFRQiPU p8d2Qy25XraAQ8fG71LKN7M5h6q8yWkofZFrVysNOSu7zeadZUfmO7OXE9vO4Gqu bA8P/1ihaH0+KcUJsd7yP0Lv+avtww++/4Ak1msUn95OiOynjuJ1e5VtEQFFyRDj fRWcJcG1ssKCIKB8lSuqVXcEyYDS5LpfRTcWJq/6Jutz+N5axWYlDBMZwq75CULR EkW6oUrZtq9dACLTBNtRqPF7ClBV6x42lgZ3nfKTly84/nS3tpsfQv8oKDRsckzm GsJPl/DKm/D73kJyZEqYChxiKE3i4WYmsjltcCXQi0PJzEqGnvFaWsAPISD3EEYz nIwpjBMXAYFyVwp16UcNj7uVjlf9ZQetY5dVEF//I3jjTUMWFadHQ0IYZaHpYRle ZC0fKv6xqGN5krE6ommWvAgkLlQdlupU+FT8abaXWyrnWTHTGi2bOFe0wlXzdUPh gp7zgaOehCI7CsMUxK8VeRXF19K4x1KfGUA+VVUsvXF5G5D6Ucowybi6ObTPqFDA LHDrIIL44cnPU4BqZ/KRfN/f0hfu1hHHD7TmonHbt7JeWIFqEWDvtDI4hx4kjaYc nHt1ZyK2YyGRZwJ8drhJi1+iYSRApx36nvIOZn6fa8rZDCqE1VObPOr6lyexuhge tnTDQta21hkXnyTEs/lYRbWK4K0KK4AXyWCtbiAJOe65/9eSd5Yq48dbfPBLUJSe XKFKhkTo0FNDLB2MsgVikTptvpiFG8dwoOrWqCBz9z23eAhFmVGM/vciNBLNyy2B QtSLd4+VSd/za51sldpN6ZFG4CTm6Z5NWGEnNxptHw5iE6cQHior+snS65HzbsQ5 ykJ5HqSGIsGLSkdeKC44XOfBUU9jU14llMOdf5OKx9vfmX/Hl3T0Z+jWwHpKpWk=
    =/B/T
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)