Updated chromium-browser-stable packages fix multiple vulnerabilities
Publication date: 10 May 2014Modification date: 10 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1730 , CVE-2014-1731 , CVE-2014-1732 , CVE-2014-1733 , CVE-2014-1734 , CVE-2014-1735 , CVE-2014-1736
Description
Updated chromium-browser-stable packages fix security vulnerabilities: A type confusion issue was discovered in the v8 javascript library (CVE-2014-1730). John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation (CVE-2014-1731). Khalil Zhani discovered a use-after-free issue in the speech recognition feature (CVE-2014-1732). Jed Davis discovered a way to bypass the seccomp-bpf sandbox (CVE-2014-1733). The Google Chrome development team discovered and fixed multiple issues with potential security impact (CVE-2014-1734). The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library (CVE-2014-1735). SkyLined discovered an integer overlflow issue in the v8 javascript library (CVE-2014-1736).
References
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
- https://www.debian.org/security/2014/dsa-2920
- https://bugs.mageia.org/show_bug.cgi?id=13325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1734
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1735
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1736
SRPMS
4/core
- chromium-browser-stable-34.0.1847.132-2.mga4
4/tainted
- chromium-browser-stable-34.0.1847.132-2.mga4.tainted
3/tainted
- chromium-browser-stable-34.0.1847.132-2.mga3.tainted
3/core
- chromium-browser-stable-34.0.1847.132-2.mga3