Australia's Leading Computer Emergency Response Team
 





 

ESB-2014.0754 - [Debian] chromium-browser: Multiple vulnerabilities

Date: 19 May 2014
References: ASB-2014.0060  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0754
                     chromium-browser security update
                                19 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-1742 CVE-2014-1741 CVE-2014-1740

Reference:         ASB-2014.0060

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2930

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2930-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
May 17, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2014-1740 CVE-2014-1741 CVE-2014-1742

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-1740

    Collin Payne discovered a use-after-free issue in chromium's
    WebSockets implementation.

CVE-2014-1741

    John Butler discovered multiple integer overflow issues in the
    Blink/Webkit document object model implementation.

CVE-2014-1742

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
    text editing feature.

For the stable distribution (wheezy), these problems have been fixed in
version 34.0.1847.137-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 34.0.1847.137-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----