GLSA 201309-16: Chromium, V8: Multiple vulnerabilities
Severity: high
Title: Chromium, V8: Multiple vulnerabilities
Date: 09/24/2013
Bugs:
ID: 201309-16
Synopsis
Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.
Background
Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
www-client/chromium | < 29.0.1457.57 | >= 29.0.1457.57 | All supported architectures |
dev-lang/v8 | < 3.18.5.14 | >= 3.18.5.14 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
Impact
A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-29.0.1457.57"
All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"
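To see which hosts still need the upgrade, a package listing can be compared against the fixed versions in the Affected packages table. The script below is an added example, not part of the GLSA or of Gentoo's tooling; it assumes atoms arrive one per line in `category/name-version` form, the function names are hypothetical, and the sample listing is constructed.

```shell
# Added example, not Gentoo tooling; function names are hypothetical.
# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read; an exhausted side becomes empty.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not lower
}

# fixed_version PKG: print the first unaffected version from the GLSA table.
fixed_version() {
    case $1 in
        www-client/chromium) echo 29.0.1457.57 ;;
        dev-lang/v8)         echo 3.18.5.14 ;;
        *) return 1 ;;
    esac
}

# check_atom CATEGORY/NAME-VERSION: print vulnerable, ok or not-covered.
check_atom() {
    atom=${1%-r[0-9]*}     # strip a Gentoo revision suffix such as -r1
    pkg=${atom%-[0-9]*}    # category/name
    ver=${atom#"$pkg"-}    # upstream version
    ver=${ver%%_*}         # ignore _p/_rc style suffixes (simplification)
    fixed=$(fixed_version "$pkg") || { echo not-covered; return 0; }
    if ver_lt "$ver" "$fixed"; then echo vulnerable; else echo ok; fi
}

# scan: read one atom per line on stdin, report the packages the GLSA covers.
scan() {
    while read -r line; do
        result=$(check_atom "$line")
        [ "$result" = not-covered ] || echo "$line $result"
    done
}

# Constructed sample listing (not taken from the advisory).
SAMPLE='www-client/chromium-28.0.1500.95
dev-lang/v8-3.18.5.14-r1
dev-lang/v8-3.17.6.14
app-shells/bash-4.2_p45'
printf '%s\n' "$SAMPLE" | scan
```

The comparison handles only numeric dotted versions; anything after an underscore is ignored, so suffixes such as `_rc` or `_p` are treated as equal to the base version.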
References
CVE-2012-5116 CVE-2012-5117 CVE-2012-5118 CVE-2012-5120 CVE-2012-5121 CVE-2012-5122 CVE-2012-5123 CVE-2012-5124 CVE-2012-5125 CVE-2012-5126 CVE-2012-5127 CVE-2012-5128 CVE-2012-5130 CVE-2012-5132 CVE-2012-5133 CVE-2012-5135 CVE-2012-5136 CVE-2012-5137 CVE-2012-5138 CVE-2012-5139 CVE-2012-5140 CVE-2012-5141 CVE-2012-5142 CVE-2012-5143 CVE-2012-5144 CVE-2012-5145 CVE-2012-5146 CVE-2012-5147 CVE-2012-5148 CVE-2012-5149 CVE-2012-5150 CVE-2012-5151 CVE-2012-5152 CVE-2012-5153 CVE-2012-5154 CVE-2013-0828 CVE-2013-0829 CVE-2013-0830 CVE-2013-0831 CVE-2013-0832 CVE-2013-0833 CVE-2013-0834 CVE-2013-0835 CVE-2013-0836 CVE-2013-0837 CVE-2013-0838 CVE-2013-0839 CVE-2013-0840 CVE-2013-0841 CVE-2013-0842 CVE-2013-0879 CVE-2013-0880 CVE-2013-0881 CVE-2013-0882 CVE-2013-0883 CVE-2013-0884 CVE-2013-0885 CVE-2013-0887 CVE-2013-0888 CVE-2013-0889 CVE-2013-0890 CVE-2013-0891 CVE-2013-0892 CVE-2013-0893 CVE-2013-0894 CVE-2013-0895 CVE-2013-0896 CVE-2013-0897 CVE-2013-0898 CVE-2013-0899 CVE-2013-0900 CVE-2013-0902 CVE-2013-0903 CVE-2013-0904 CVE-2013-0905 CVE-2013-0906 CVE-2013-0907 CVE-2013-0908 CVE-2013-0909 CVE-2013-0910 CVE-2013-0911 CVE-2013-0912 CVE-2013-0916 CVE-2013-0917 CVE-2013-0918 CVE-2013-0919 CVE-2013-0920 CVE-2013-0921 CVE-2013-0922 CVE-2013-0923 CVE-2013-0924 CVE-2013-0925 CVE-2013-0926 CVE-2013-2836 CVE-2013-2837 CVE-2013-2838 CVE-2013-2839 CVE-2013-2840 CVE-2013-2841 CVE-2013-2842 CVE-2013-2843 CVE-2013-2844 CVE-2013-2845 CVE-2013-2846 CVE-2013-2847 CVE-2013-2848 CVE-2013-2849 CVE-2013-2853 CVE-2013-2855 CVE-2013-2856 CVE-2013-2857 CVE-2013-2858 CVE-2013-2859 CVE-2013-2860 CVE-2013-2861 CVE-2013-2862 CVE-2013-2863 CVE-2013-2865 CVE-2013-2867 CVE-2013-2868 CVE-2013-2869 CVE-2013-2870 CVE-2013-2871 CVE-2013-2874 CVE-2013-2875 CVE-2013-2876 CVE-2013-2877 CVE-2013-2878 CVE-2013-2879 CVE-2013-2880 CVE-2013-2881 CVE-2013-2882 CVE-2013-2883 CVE-2013-2884 CVE-2013-2885 CVE-2013-2886 CVE-2013-2887 CVE-2013-2900 CVE-2013-2901 CVE-2013-2902 CVE-2013-2903 CVE-2013-2904 
CVE-2013-2905
Release Notes 23.0.1271.64
Release Notes 23.0.1271.91
Release Notes 23.0.1271.95
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.