[gentoo-announce] [ GLSA 201502-13 ] Chromium: Multiple vulnerabilities

Fabricante: Gentoo
Fecha: 17/02/2015
Identificador: GLSA 201502-13
[gentoo-announce] [ GLSA 201502-13 ] Chromium: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 17, 2015 Bugs: #537366, #539094 ID: 201502-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 40.0.2214.111 >= 40.0.2214.111 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to cause a Denial of Service condition, gain privileges via a filesystem: URI, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-40.0.2214.111" References ========== [ 1 ] CVE-2014-7923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7923 [ 2 ] CVE-2014-7924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7924 [ 3 ] CVE-2014-7925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7925 [ 4 ] CVE-2014-7926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7926 [ 5 ] CVE-2014-7927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7927 [ 6 ] CVE-2014-7928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7928 [ 7 ] CVE-2014-7929 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7929 [ 8 ] CVE-2014-7930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7930 [ 9 ] CVE-2014-7931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7931 [ 10 ] CVE-2014-7932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7932 [ 11 ] CVE-2014-7933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7933 [ 12 ] CVE-2014-7934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7934 [ 13 ] CVE-2014-7935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7935 [ 14 ] CVE-2014-7936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7936 [ 15 ] CVE-2014-7937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937 [ 16 ] CVE-2014-7938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7938 [ 17 ] CVE-2014-7939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7939 [ 18 ] CVE-2014-7940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7940 [ 19 ] CVE-2014-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7941 [ 20 ] CVE-2014-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7942 [ 21 ] CVE-2014-7943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7943 [ 22 ] CVE-2014-7944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7944 [ 23 ] CVE-2014-7945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7945 [ 24 ] CVE-2014-7946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7946 [ 25 ] CVE-2014-7947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7947 [ 26 ] CVE-2014-7948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7948 [ 27 ] CVE-2014-9646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9646 [ 28 ] CVE-2014-9647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9647 [ 29 ] CVE-2014-9648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9648 [ 30 ] CVE-2015-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1205 [ 31 ] CVE-2015-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1209 [ 32 ] CVE-2015-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1210 [ 33 ] CVE-2015-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1211 [ 34 ] CVE-2015-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1212 [ 35 ] CVE-2015-1346 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1346 [ 36 ] CVE-2015-1359 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1359 [ 37 ] CVE-2015-1360 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1360 [ 38 ] CVE-2015-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1361 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201502-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5