Saturday, May 31, 2014

[SECURITY] [DSA 2939-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2939-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
May 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746
CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-1743

cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
document object model implementation.

CVE-2014-1744

Aaron Staple discovered an integer overflow issue in audio input
handling.

CVE-2014-1745

Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
scalable vector graphics implementation.

CVE-2014-1746

Holger Fuhrmannek discovered an out-of-bounds read issue in the URL
protocol implementation for handling media.

CVE-2014-1747

packagesu discovered a cross-site scripting issue involving
malformed MHTML files.

CVE-2014-1748

Jordan Milne discovered a user interface spoofing issue.

CVE-2014-1749

The Google Chrome development team discovered and fixed multiple
issues with potential security impact.

CVE-2014-3152

An integer underflow issue was discovered in the v8 javascript
library.

For the stable distribution (wheezy), these problems have been fixed in
version 35.0.1916.114-1~deb7u2.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 35.0.1916.114-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJTiYO1AAoJELjWss0C1vRz2cMf/ixDiv7EKNOdYllZu0pGCtPu
wQ2G+zBv3EIV4vsmXzhp4sQS2hK2U4FLtCJz8lR3tSjOYkVca4sEAdKIp7kpsVMM
OONydls7xoiJGgUT5DU38SFHXtJ9svhx54ENY+1MY7+DZerfRqTWt7Hl87G2Tw0M
VctpPkY6z93qlREF2RQTnuMYiBzpK5cuwqRbvbgZHODYDoDb1PnIsV+g9kIha4I+
XE4zC2GAsQnf3StxEZXY+SQ/Xoqr+LDaMo1xq2mJ/8X+SERlMPEWOZXtFn4OMO51
C7WO3jwSvZcHqpj/85milzUafkYb/C8URpXb6QdOape5Sga7zTVHHxP06VAcG5Rs
9ZndOqPb6D8dchCBOGdM7cNZ/8vWyn01kT6XgWwySq1EsF1hA6oX9FWtteijpOpX
9SxtDhQTcb/oUKjWYoc7czudBl85y9ZBUVEmh7AoOrsiMbM/TT3p71+z0zAPILV9
ksbn5eLgzMY4dXr2CO4FjnCztx6Nq1QSP2sWa7x/bnHHc3KFI7UirlGRpa6Ke417
q0Mj2BnlQCli684dffV66jYUrr/6OamzJr8LzR1iM4/UWRkN5rmm6diSqm0CXPTn
Mfo/7Qe8g2gr6jKibb9ZOBy/pmwvLgnslvWpkk8LbvgrNVrizbl6zoWc7B/Gh/Z2
xBXkVEwptEltAeShDBvroAnLFbBlEV6TqncF1+evJKA4c8vcbBkjQMHVJ720V4jE
c9YbQGQnegOLwODHQujYYoQpu4xhBZir/Kzl3dcBLDTLTrb/+MqyGaHyNMl9XU83
dYJGh05pTnvwwsOZzJz7G78ZTWkw5ocpuj6a/lQGTK6nW5XD+UScgV5c1qCxLOw7
fqmYripUx7uFPf7Fz85XZNGVO+GU7rKV7M4np2MzvsGOavo3VJKBnx//vJd3CDsu
R88G0rGFPzKCKjYMMkHjC+A5tls2SHH+nzUm7ZV8gknMGJX7YgvDIg4Tg8qsKLQj
uktm9VDUa3whrT3AdCSjw/Fjr70S/J96ZF59s4qfZmqqNEQ0xs3gYX9is9ufNI+8
fPUHv0bogLmngZjulfulmrsX/Ai5bpnSph2gG6uIks5d82iQrco9cS87/rd1hovK
ZNV7jJlQE6t1bB2A8JH/UZn3l+yy/guanKdGwiJOZT4UMqY/hurfZDfFKHIBejZl
03D3Gxd7oGi31nO7EvXGRjLm0xw0dNN+CBzRsxrRu2WPbbWh2OWwr9UrcEF3jdqR
7dBA/UVCEKloOEZuu2H3vrko1mhewy4C7aAvQS2ZWBzUp8weQ9NZl9bR8KimcsSH
xM6qzuZhfH1xY+sYfROnuoyuQK4edf5rssE4jowL3CzHAiFLw8fL9//xlbZRqTw=
=Tlbj
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/E1Wqdh0-0004OL-5G@alpha.psidef.org

No comments:

Post a Comment