Summary: | <www-client/chromium-40.0.2214.91: multiple vulnerabilities (CVE-2014-{7923,7924,7925,7926,7927,7928,7929,7930,7931,7932,7933,7934,7935,7936,7937,7938,7939,7940,7941,7942,7943,7944,7945,7946,7947,7948,9646,9647,9648},CVE-2015-{1205,1346,1359,1360,1361}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chromium, mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://googlechromereleases.blogspot.com/2015/01/stable-update.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-01-22 17:08:40 UTC
I am still waiting for upstream to post a tarball for 40.0.2214.91. I had to use the "fat" tarball since the "lite" tarball is still missing. 40.2214.91 is now in the tree. Please stabilize on amd64 and x86. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. CVE-2014-7948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948): The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate. CVE-2014-7947 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947): OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. CVE-2014-7946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946): The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation. CVE-2014-7945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945): OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. CVE-2014-7944 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944): The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2014-7943 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943): Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2014-7942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942): The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2014-7941 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941): The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. CVE-2014-7940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940): The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. CVE-2014-7939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939): Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. CVE-2014-7938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938): The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2014-7937 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937): Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. CVE-2014-7936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936): Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble. CVE-2014-7935 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935): Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab. CVE-2014-7934 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934): Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures. CVE-2014-7933 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933): Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. CVE-2014-7932 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932): Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements. CVE-2014-7931 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931): factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers. CVE-2014-7930 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930): Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data. CVE-2014-7929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929): Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents. CVE-2014-7928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928): hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy. CVE-2014-7927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927): The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. CVE-2014-7926 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926): The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. CVE-2014-7925 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925): Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained. CVE-2014-7924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924): Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc. CVE-2014-7923 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923): The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. CVE-2015-1361 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361): platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. CVE-2015-1360 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360): Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. CVE-2015-1359 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359): Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. CVE-2015-1346 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346): Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-1205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205): Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2014-9648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648): components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. CVE-2014-9647 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647): Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. CVE-2014-9646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646): Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. This issue was resolved and addressed in GLSA 201502-13 at http://security.gentoo.org/glsa/glsa-201502-13.xml by GLSA coordinator Kristian Fiskerstrand (K_F). Restricting spam. |