[arch-security] [ASA-201501-21] chromium: multiple issues
Arch Linux Security Advisory ASA-201501-21
==========================================

Severity: High
Date    : 2015-01-25
CVE-ID  : CVE-2014-7923 CVE-2014-7924 CVE-2014-7925 CVE-2014-7926
          CVE-2014-7927 CVE-2014-7928 CVE-2014-7930 CVE-2014-7931
          CVE-2014-7929 CVE-2014-7932 CVE-2014-7933 CVE-2014-7934
          CVE-2014-7935 CVE-2014-7936 CVE-2014-7937 CVE-2014-7938
          CVE-2014-7939 CVE-2014-7940 CVE-2014-7941 CVE-2014-7942
          CVE-2014-7943 CVE-2014-7944 CVE-2014-7945 CVE-2014-7946
          CVE-2014-7947 CVE-2014-7948 CVE-2015-1205
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 40.0.2214.91-1 is vulnerable to multiple issues including, but not limited to, denial of service, same-origin bypass, or possibly unspecified other impact.

Resolution
==========

Upgrade to 40.0.2214.91-1.

# pacman -Syu "chromium>=40.0.2214.91-1"

The problems have been fixed upstream in version 40.0.2214.91.

Workaround
==========

None.

Description
===========

- CVE-2014-7923 (memory corruption)

The Regular Expressions package in International Components for Unicode (ICU) 52 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression.

- CVE-2014-7924 (use-after-free)

Use-after-free vulnerability in the IndexedDB implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references.

- CVE-2014-7925 (use-after-free)

Use-after-free vulnerability in the WebAudio implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained.

- CVE-2014-7926 (memory corruption)

The Regular Expressions package in International Components for Unicode (ICU) 52 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923.

- CVE-2014-7927 (memory corruption)

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8 does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

- CVE-2014-7928 (memory corruption)

hydrogen.cc in Google V8 does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.

- CVE-2014-7930 (use-after-free)

Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.

- CVE-2014-7931 (memory corruption)

factory.cc in Google V8 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers.

- CVE-2014-7929 (use-after-free)

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.

- CVE-2014-7932 (use-after-free)

Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.

- CVE-2014-7933 (use-after-free)

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.

- CVE-2014-7934 (use-after-free)

Use-after-free vulnerability in the DOM implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.

- CVE-2014-7935 (use-after-free)

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.

- CVE-2014-7936 (use-after-free)

Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble.

- CVE-2014-7937 (use-after-free)

Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2 allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

- CVE-2014-7938 (memory corruption)

The Fonts implementation allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

- CVE-2014-7939 (same-origin bypass)

Google V8, when the Harmony proxy is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

- CVE-2014-7940 (uninitialized-value)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.

- CVE-2014-7941 (out-of-bounds read)

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.

- CVE-2014-7942 (uninitialized-value)

The Fonts implementation does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

- CVE-2014-7943 (out-of-bounds read)

Skia allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

- CVE-2014-7944 (out-of-bounds read)

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

- CVE-2014-7945 (out-of-bounds read)

OpenJPEG before r2908, as used in PDFium, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.

- CVE-2014-7946 (out-of-bounds read)

The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.

- CVE-2014-7947 (out-of-bounds read)

OpenJPEG before r2944, as used in PDFium, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

- CVE-2014-7948 (caching error)

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.

- CVE-2015-1205 (denial of service)

Multiple unspecified vulnerabilities allow attackers to cause a denial-of-service or possibly have other impact via unknown vectors.

Impact
======

A remote attacker is able to perform denial of service, bypass the same-origin policy or possibly have unspecified other impact.

References
==========

http://googlechromereleases.blogspot.fr/2015/01/stable-update.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7923
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7924
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7925
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7926
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7927
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7928
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7930
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7931
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7929
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7932
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7933
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7934
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7935
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7936
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7937
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7938
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7939
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7940
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7941
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7942
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7943
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7944
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7945
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7946
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7947
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7948
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1205
Levente Polyak
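
A fleet-side check for the Resolution section above, added here as an example and not part of the original advisory: it flags hosts whose chromium package is older than the fixed version 40.0.2214.91-1. The "host package version" inventory format, the function names and the sample lines are assumptions constructed for illustration; the comparison uses pacman's vercmp when present and otherwise falls back to GNU sort -V, which approximates it and ignores epochs.

```shell
#!/bin/sh
# Added example: find hosts still running a chromium older than the fix.
FIXED="40.0.2214.91-1"   # fixed version stated in ASA-201501-21

# Return 0 (true) when version $1 is older than $FIXED.
# Prefers pacman's vercmp; the sort -V fallback is an approximation that
# ignores epochs (assumption: the chromium package carries none).
is_vulnerable() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -lt 0 ]
    else
        [ "$1" != "$FIXED" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Read "host pkgname version" lines on stdin (hypothetical inventory format:
# a hostname followed by that host's `pacman -Q chromium` output) and print
# every host that still needs the upgrade, with its installed version.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "chromium" ] || continue
        if is_vulnerable "$ver"; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory, not real data.
SAMPLE='ws01 chromium 39.0.2171.99-1
ws02 chromium 40.0.2214.91-1
ws03 chromium 40.0.2214.111-1
ws04 firefox 35.0-1
ws05 chromium 40.0.2214.85-1'

printf '%s\n' "$SAMPLE" | vulnerable_hosts
```

On a single Arch host the same test can be fed directly with `pacman -Q chromium` prefixed by the hostname.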