Arch Linux Security Advisory ASA-201411-26 ========================================== Severity: High Date : 2014-11-20 CVE-ID : CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902 CVE-2014-7903 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907 CVE-2014-7908 CVE-2014-7909 CVE-2014-7910 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The package chromium before version 39.0.2171.65-1 is vulnerable to multiple issues including but not limited to address bar spoofing and denial of service. Resolution ========== Upgrade to 39.0.2171.65-1. # pacman -Syu "chromium>=39.0.2171.65-1" The problems have been fixed upstream in version 39.0.2171.65. Workaround ========== None. Description =========== - CVE-2014-7899 (address bar spoofing) A flaw allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. - CVE-2014-7900 (use-after-free) Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. - CVE-2014-7901 (integer overflow) Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. - CVE-2014-7902 (use-after-free) Use-after-free vulnerability in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. - CVE-2014-7903 (buffer overflow) Buffer overflow in OpenJPEG before r2911 in PDFium allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. - CVE-2014-7904 (buffer overflow) Buffer overflow in Skia allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2014-7906 (use-after-free) Use-after-free vulnerability in the Pepper plugins allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime. - CVE-2014-7907 (use-after-free) Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. - CVE-2014-7908 (integer overflow) Multiple integer overflows in the CheckMov function in media/base/container_names.cc allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. - CVE-2014-7909 (uninitialized memory read) A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. - CVE-2014-7910 (various issues) Various issues from internal audits, fuzzing and other initiatives that allow attackers to cause a denial of service or possibly have other impact. Impact ====== A remote attacker is be able to spoof the address bar, cause a denial of service or possibly have unspecified other impacts. References ========== [0] http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.htm... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7899 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7900 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7901 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7902 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7903 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7904 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7906 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7907 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7908 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7909 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7910