Updated chromium-browser packages fix multiple security vulnerabilities
Publication date: 20 Apr 2014Modification date: 20 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1716 , CVE-2014-1717 , CVE-2014-1718 , CVE-2014-1719 , CVE-2014-1720 , CVE-2014-1721 , CVE-2014-1722 , CVE-2014-1723 , CVE-2014-1724 , CVE-2014-1725 , CVE-2014-1726 , CVE-2014-1727 , CVE-2014-1728 , CVE-2014-1729
Description
Updated chromium-browser-stable packages fix security vulnerabilities: Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue (CVE-2014-1716), OOB access (CVE-2014-1717), memory corruption (CVE-2014-1721), and other vulnerabilities fixed in V8 version 3.24.35.22 (CVE-2014-1729). Integer overflow in compositor (CVE-2014-1718). Multiple use-after-free flaws; in web workers (CVE-2014-1719), DOM (CVE-2014-1720), rendering (CVE-2014-1722), speech (CVE-2014-1724), and forms (CVE-2014-1727). Url confusion with RTL characters (CVE-2014-1723). OOB read with window property (CVE-2014-1725). Local cross-origin bypass (CVE-2014-1726). Various fixes from internal audits, fuzzing and other initiatives (CVE-2014-1728).
References
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
- https://bugs.mageia.org/show_bug.cgi?id=13187
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1716
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1717
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1720
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1721
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1722
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1723
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1725
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1726
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1729
SRPMS
4/tainted
- chromium-browser-stable-34.0.1847.116-2.mga4.tainted
4/core
- chromium-browser-stable-34.0.1847.116-2.mga4
- ninja-1.4.0-1.mga4
3/core
- chromium-browser-stable-34.0.1847.116-2.mga3
- ninja-1.4.0-1.mga3
3/tainted
- chromium-browser-stable-34.0.1847.116-2.mga3.tainted