Updated chromium-browser packages fix multiple security vulnerabilities
Publication date: 20 Apr 2014Modification date: 20 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1716 , CVE-2014-1717 , CVE-2014-1718 , CVE-2014-1719 , CVE-2014-1720 , CVE-2014-1721 , CVE-2014-1722 , CVE-2014-1723 , CVE-2014-1724 , CVE-2014-1725 , CVE-2014-1726 , CVE-2014-1727 , CVE-2014-1728 , CVE-2014-1729
Description
Updated chromium-browser-stable packages fix security vulnerabilities:
Multiple vulnerabilities in the V8 JavaScript library, including a UXSS issue
(CVE-2014-1716), OOB access (CVE-2014-1717), memory corruption
(CVE-2014-1721), and other vulnerabilities fixed in V8 version 3.24.35.22
(CVE-2014-1729).
Integer overflow in compositor (CVE-2014-1718).
Multiple use-after-free flaws; in web workers (CVE-2014-1719), DOM
(CVE-2014-1720), rendering (CVE-2014-1722), speech (CVE-2014-1724), and forms
(CVE-2014-1727).
Url confusion with RTL characters (CVE-2014-1723).
OOB read with window property (CVE-2014-1725).
Local cross-origin bypass (CVE-2014-1726).
Various fixes from internal audits, fuzzing and other initiatives
(CVE-2014-1728).
References
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
- https://bugs.mageia.org/show_bug.cgi?id=13187
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1716
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1717
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1720
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1721
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1722
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1723
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1724
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1725
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1726
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1729
SRPMS
3/core
- chromium-browser-stable-34.0.1847.116-2.mga3
- ninja-1.4.0-1.mga3
3/tainted
- chromium-browser-stable-34.0.1847.116-2.mga3.tainted
4/core
- chromium-browser-stable-34.0.1847.116-2.mga4
- ninja-1.4.0-1.mga4
4/tainted
- chromium-browser-stable-34.0.1847.116-2.mga4.tainted