-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0856
                     chromium-browser security update
                                2 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3152 CVE-2014-1749 CVE-2014-1748
                   CVE-2014-1747 CVE-2014-1746 CVE-2014-1745
                   CVE-2014-1744 CVE-2014-1743 

Reference:         ASB-2014.0061

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2939

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2939-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
May 31, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 
                 CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152

Several vulnerabilities were discovered in the chromium web browser.

CVE-2014-1743

    cloudfuzzer discovered a use-after-free issue in the Blink/WebKit
    document object model implementation.

CVE-2014-1744

    Aaron Staple discovered an integer overflow issue in audio input
    handling.

CVE-2014-1745

    Atte Kettunen discovered a use-after-free issue in the Blink/WebKit
    scalable vector graphics implementation.

CVE-2014-1746

    Holger Fuhrmannek discovered an out-of-bounds read issue in the URL
    protocol implementation for handling media.

CVE-2014-1747

    packagesu discovered a cross-site scripting issue involving
    malformed MHTML files.

CVE-2014-1748

    Jordan Milne discovered a user interface spoofing issue.

CVE-2014-1749

    The Google Chrome development team discovered and fixed multiple
    issues with potential security impact.

CVE-2014-3152

    An integer underflow issue was discovered in the V8 JavaScript
    library.

For the stable distribution (wheezy), these problems have been fixed in
version 35.0.1916.114-1~deb7u2.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 35.0.1916.114-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----