Summary: | <www-client/chromium-33.0.1750.152 : Multiple Vulnerabilities (CVE-2014-{1705,1713,1714,1715}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.it/2014/03/stable-channel-update_14.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-17 13:57:49 UTC
Working on the bump. Please stabilize on amd64 and x86. =www-client/chromium-33.0.1750.152 amd64 stable x86 stable Security: please add it to the existing draft or file a new one. glsa request filed. CVE-2014-1715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715): Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. CVE-2014-1714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714): The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. CVE-2014-1713 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713): Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. CVE-2014-1705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705): Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |