Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 510288 (CVE-2014-1740) - <www-client/chromium-34.0.1847.137: Multiple Vulnerabilities (CVE-2014-{1740,1741,1742})
Summary: <www-client/chromium-34.0.1847.137: Multiple Vulnerabilities (CVE-2014-{1740,...
Status: RESOLVED FIXED
Alias: CVE-2014-1740
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/58312/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-14 07:52 UTC by Agostino Sarubbo
Modified: 2014-09-02 07:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-05-14 07:52:24 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) The application bundles a vulnerable version of the Adobe Flash Player.

For more information:
SA58074

2) A use-after-free error exists in WebSockets.

3) An integer overflow error exists in DOM ranges.

4) A use-after-free error exists in editing.

Successful exploitation of the vulnerabilities #2 through #4 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 34.0.1847.137.


Solution:
Update to version 34.0.1847.137.

Provided and/or discovered by:
The vendor credits:
2) Collin Payne.
3) John Butler.
4) cloudfuzzer.

Original Advisory:
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2014-05-15 15:00:12 UTC
www-client/chromium-34.0.1847.137 is in the tree. Please stabilize.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2014-05-15 17:18:32 UTC
Arches, please test and mark stable:

=www-client/chromium-34.0.1847.137

Target Keywords : "amd64 x86"

Thank you!
Comment 3 Richard Freeman gentoo-dev 2014-05-15 19:50:05 UTC
amd64 stable
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-05-15 19:59:32 UTC
CVE-2014-1742 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742):
  Use-after-free vulnerability in the FrameSelection::updateAppearance
  function in core/editing/FrameSelection.cpp in Blink, as used in Google
  Chrome before 34.0.1847.137, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact by leveraging improper
  RenderObject handling.

CVE-2014-1741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741):
  Multiple integer overflows in the replace-data functionality in the
  CharacterData interface implementation in core/dom/CharacterData.cpp in
  Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers
  to cause a denial of service or possibly have unspecified other impact via
  vectors related to ranges.

CVE-2014-1740 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740):
  Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc
  in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via vectors related to WebSocketJob deletion.
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-05-17 14:33:17 UTC
x86 stable.

Added to existing glsa draft.

@maintainers, cleanup, please.
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-05-22 20:51:57 UTC
Cleanup for this bug done.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-09-02 07:58:42 UTC
This issue was resolved and addressed in
 GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).