[arch-security] [Arch Linux Security Advisory ASA-201411-26] chromium: multiple issues

Levente Polyak anthraxx at archlinux.org
Thu Nov 20 23:27:35 UTC 2014


Arch Linux Security Advisory ASA-201411-26
==========================================

Severity: High
Date    : 2014-11-20
CVE-ID  : CVE-2014-7899 CVE-2014-7900 CVE-2014-7901 CVE-2014-7902
          CVE-2014-7903 CVE-2014-7904 CVE-2014-7906 CVE-2014-7907
          CVE-2014-7908 CVE-2014-7909 CVE-2014-7910
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package chromium before version 39.0.2171.65-1 is vulnerable to
multiple issues including but not limited to address bar spoofing and
denial of service.

Resolution
==========

Upgrade to 39.0.2171.65-1.

# pacman -Syu "chromium>=39.0.2171.65-1"

The problems have been fixed upstream in version 39.0.2171.65.

Workaround
==========

None.

Description
===========

- CVE-2014-7899 (address bar spoofing)
A flaw allows remote attackers to spoof the address bar by placing a
blob: substring at the beginning of the URL, followed by the original
URI scheme and a long username string.

- CVE-2014-7900 (use-after-free)
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile
function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted PDF document.

- CVE-2014-7901 (integer overflow)
Integer overflow in the opj_t2_read_packet_data function in
fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a long segment in a JPEG image.

- CVE-2014-7902 (use-after-free)
Use-after-free vulnerability in PDFium allows remote attackers to cause
a denial of service or possibly have unspecified other impact via a
crafted PDF document.

- CVE-2014-7903 (buffer overflow)
Buffer overflow in OpenJPEG before r2911 in PDFium allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted JPEG image.

- CVE-2014-7904 (buffer overflow)
Buffer overflow in Skia allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.

- CVE-2014-7906 (use-after-free)
Use-after-free vulnerability in the Pepper plugins allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via crafted Flash content that triggers an attempted
PepperMediaDeviceManager access outside of the object's lifetime.

- CVE-2014-7907 (use-after-free)
Multiple use-after-free vulnerabilities in
modules/screen_orientation/ScreenOrientationController.cpp in Blink
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger improper handling of a
detached frame, related to the (1) lock and (2) unlock methods.

- CVE-2014-7908 (integer overflow)
Multiple integer overflows in the CheckMov function in
media/base/container_names.cc allow remote attackers to cause a denial
of service or possibly have unspecified other impact via a large atom in
(1) MPEG-4 or (2) QuickTime .mov data.

- CVE-2014-7909 (uninitialized memory read)
A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using
uninitialized integer values, which might allow remote attackers to
cause a denial of service by rendering crafted data.

- CVE-2014-7910 (various issues)
Various issues from internal audits, fuzzing and other initiatives that
allow attackers to cause a denial of service or possibly have other impact.
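
An added C example for the bug class described under CVE-2014-7908 (an integer overflow driven by a large atom size); it is not part of the original advisory and is not Chromium's code. It walks MPEG-4/QuickTime atoms and bounds each declared size by the bytes that remain, rather than adding the size to an offset. The name count_atoms and the sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian readers for atom header fields. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static uint64_t be64(const uint8_t *p) {
    return ((uint64_t)be32(p) << 32) | be32(p + 4);
}

/* Count top-level atoms in buf[0..len); -1 if a header is truncated or an
 * atom declares a size that does not fit in the bytes that remain. */
int count_atoms(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t remaining = len - off;   /* off < len, so no underflow */
        size_t header = 8;              /* 32-bit size + 4-byte type */
        if (remaining < header) return -1;
        uint64_t size = be32(buf + off);
        if (size == 1) {                /* 64-bit size follows the type */
            header = 16;
            if (remaining < header) return -1;
            size = be64(buf + off + 8);
        } else if (size == 0) {         /* atom extends to end of data */
            size = remaining;
        }
        /* Bound the size by what is left; off + size is never computed,
         * so an attacker-chosen size cannot wrap the offset. */
        if (size < header || size > remaining) return -1;
        off += (size_t)size;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not taken from any real file). */
const uint8_t two_atoms[] = {0,0,0,8,'f','t','y','p', 0,0,0,12,'f','r','e','e',0,0,0,0};
const uint8_t huge32[] = {0xFF,0xFF,0xFF,0xF0,'m','d','a','t'};
const uint8_t huge64[] = {0,0,0,1,'m','d','a','t', 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};

int main(void) {
    printf("%d %d %d\n", count_atoms(two_atoms, sizeof two_atoms),
           count_atoms(huge32, sizeof huge32), count_atoms(huge64, sizeof huge64));
    return 0;
}
```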

Impact
======

A remote attacker is able to spoof the address bar, cause a denial of
service or possibly have unspecified other impacts.

References
==========

[0]
http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7899
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7900
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7901
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7902
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7903
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7904
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7906
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7907
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7908
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7909
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7910
