Advisories ยป MGASA-2014-0183

Updated chromium-browser packages fix multiple security vulnerabilities

Publication date: 20 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1716 , CVE-2014-1717 , CVE-2014-1718 , CVE-2014-1719 , CVE-2014-1720 , CVE-2014-1721 , CVE-2014-1722 , CVE-2014-1723 , CVE-2014-1724 , CVE-2014-1725 , CVE-2014-1726 , CVE-2014-1727 , CVE-2014-1728 , CVE-2014-1729

Description

Updated chromium-browser-stable packages fix security vulnerabilities:

Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue
(CVE-2014-1716), OOB access (CVE-2014-1717), memory corruption
(CVE-2014-1721), and other vulnerabilities fixed in V8 version 3.24.35.22
(CVE-2014-1729).

Integer overflow in compositor (CVE-2014-1718).

Multiple use-after-free flaws; in web workers (CVE-2014-1719), DOM
(CVE-2014-1720), rendering (CVE-2014-1722), speech (CVE-2014-1724), and forms
(CVE-2014-1727).

Url confusion with RTL characters (CVE-2014-1723).

OOB read with window property (CVE-2014-1725).

Local cross-origin bypass (CVE-2014-1726).

Various fixes from internal audits, fuzzing and other initiatives
(CVE-2014-1728).
                

References

SRPMS

4/core

4/tainted

3/core

3/tainted