|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
|
<glsa id="201403-01">
|
|
|
<title>Chromium, V8: Multiple vulnerabilities</title>
|
|
|
<synopsis>Multiple vulnerabilities have been reported in Chromium and V8,
|
|
|
worst of which may allow execution of arbitrary code.
|
|
|
</synopsis>
|
|
|
<product type="ebuild">chromium v8</product>
|
|
|
<announced>2014-03-05</announced>
|
|
|
<revised count="1">2014-03-05</revised>
|
|
|
<bug>486742</bug>
|
|
|
<bug>488148</bug>
|
|
|
<bug>491128</bug>
|
|
|
<bug>491326</bug>
|
|
|
<bug>493364</bug>
|
|
|
<bug>498168</bug>
|
|
|
<bug>499502</bug>
|
|
|
<bug>501948</bug>
|
|
|
<bug>503372</bug>
|
|
|
<access>remote</access>
|
|
|
<affected>
|
|
|
<package name="www-client/chromium" auto="yes" arch="*">
|
|
|
<unaffected range="ge">33.0.1750.146</unaffected>
|
|
|
<vulnerable range="lt">33.0.1750.146</vulnerable>
|
|
|
</package>
|
|
|
<package name="dev-lang/v8" auto="yes" arch="*">
|
|
|
<vulnerable range="lt">3.20.17.13</vulnerable>
|
|
|
</package>
|
|
|
</affected>
|
|
|
<background>
|
|
|
<p>Chromium is an open-source web browser project. V8 is Google’s open
|
|
|
source JavaScript engine.
|
|
|
</p>
|
|
|
</background>
|
|
|
<description>
|
|
|
<p>Multiple vulnerabilities have been discovered in Chromium and V8. Please
|
|
|
review the CVE identifiers and release notes referenced below for
|
|
|
details.
|
|
|
</p>
|
|
|
</description>
|
|
|
<impact type="normal">
|
|
|
<p>A context-dependent attacker could entice a user to open a specially
|
|
|
crafted web site or JavaScript program using Chromium or V8, possibly
|
|
|
resulting in the execution of arbitrary code with the privileges of the
|
|
|
process or a Denial of Service condition. Furthermore, a remote attacker
|
|
|
may be able to bypass security restrictions or have other unspecified
|
|
|
impact.
|
|
|
</p>
|
|
|
</impact>
|
|
|
<workaround>
|
|
|
<p>There is no known workaround at this time.</p>
|
|
|
</workaround>
|
|
|
<resolution>
|
|
|
<p>All chromium users should upgrade to the latest version:</p>
|
|
|
|
|
|
<code>
|
|
|
# emerge --sync
|
|
|
# emerge --ask --oneshot --verbose
|
|
|
">=www-client/chromium-33.0.1750.146"
|
|
|
</code>
|
|
|
|
|
|
<p>Gentoo has discontinued support for separate V8 package. We recommend
|
|
|
that users unmerge V8:
|
|
|
</p>
|
|
|
|
|
|
<code>
|
|
|
# emerge --unmerge "dev-lang/v8"
|
|
|
</code>
|
|
|
</resolution>
|
|
|
<references>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906">CVE-2013-2906</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907">CVE-2013-2907</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908">CVE-2013-2908</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909">CVE-2013-2909</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910">CVE-2013-2910</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911">CVE-2013-2911</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912">CVE-2013-2912</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913">CVE-2013-2913</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915">CVE-2013-2915</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916">CVE-2013-2916</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917">CVE-2013-2917</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918">CVE-2013-2918</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919">CVE-2013-2919</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920">CVE-2013-2920</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921">CVE-2013-2921</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922">CVE-2013-2922</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923">CVE-2013-2923</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925">CVE-2013-2925</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926">CVE-2013-2926</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927">CVE-2013-2927</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928">CVE-2013-2928</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931">CVE-2013-2931</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621">CVE-2013-6621</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622">CVE-2013-6622</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623">CVE-2013-6623</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624">CVE-2013-6624</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625">CVE-2013-6625</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626">CVE-2013-6626</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627">CVE-2013-6627</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628">CVE-2013-6628</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632">CVE-2013-6632</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634">CVE-2013-6634</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635">CVE-2013-6635</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636">CVE-2013-6636</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637">CVE-2013-6637</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638">CVE-2013-6638</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639">CVE-2013-6639</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640">CVE-2013-6640</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641">CVE-2013-6641</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643">CVE-2013-6643</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644">CVE-2013-6644</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645">CVE-2013-6645</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646">CVE-2013-6646</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649">CVE-2013-6649</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650">CVE-2013-6650</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652">CVE-2013-6652</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653">CVE-2013-6653</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654">CVE-2013-6654</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655">CVE-2013-6655</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656">CVE-2013-6656</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657">CVE-2013-6657</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658">CVE-2013-6658</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659">CVE-2013-6659</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660">CVE-2013-6660</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661">CVE-2013-6661</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663">CVE-2013-6663</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664">CVE-2013-6664</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665">CVE-2013-6665</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666">CVE-2013-6666</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667">CVE-2013-6667</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668">CVE-2013-6668</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802">CVE-2013-6802</uri>
|
|
|
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681">CVE-2014-1681</uri>
|
|
|
</references>
|
|
|
<metadata tag="requester" timestamp="2013-10-04T06:36:15Z">
|
|
|
pinkbyte
|
|
|
</metadata>
|
|
|
<metadata tag="submitter" timestamp="2014-03-05T10:57:09Z">
|
|
|
pinkbyte
|
|
|
</metadata>
|
|
|
</glsa>
|