Summary: | <www-client/chromium-34.0.1847.137: Multiple Vulnerabilities (CVE-2014-{1740,1741,1742}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/58312/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-05-14 07:52:24 UTC
www-client/chromium-34.0.1847.137 is in the tree. Please stabilize. Arches, please test and mark stable: =www-client/chromium-34.0.1847.137 Target Keywords : "amd64 x86" Thank you! amd64 stable CVE-2014-1742 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742): Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling. CVE-2014-1741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741): Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges. CVE-2014-1740 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740): Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion. x86 stable. Added to existing glsa draft. @maintainers, cleanup, please. Cleanup for this bug done. This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |