VARIoT IoT vulnerabilities database

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is due to the failure to properly process L2TP packets. The attacker can use the vulnerability to send malformed L2TP packets to crash the service and cause a denial of service attack. Successful exploits may allow attackers to cause a reload of the affected ESP card, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCun09973

The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. Vendors have confirmed this vulnerability Bug ID CSCun74352 It is released as.Skillfully crafted by a third party URL You may get important information through. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCun74352. IP Manager Assistant (IPMA) is one of the PC-based network management applications, also known as network assistant, which is mainly used to simplify network configuration, deployment, and daily management and maintenance

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCun74374. Call Detail Records (CDR) Management is one of the call detail record management applications

The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. This issue is being tracked by Cisco Bug ID CSCun74133. Document Management is one of the document management applications. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to upload any to any pathname

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. Adobe Flash Player Contains a buffer overflow vulnerability. Attacks on this vulnerability 2014 Year 4 Observed on the moon.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: May 03, 2014 Bugs: #501960, #504286, #507176, #508986 ID: 201405-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356" References ========== [ 1 ] CVE-2014-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498 [ 2 ] CVE-2014-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499 [ 3 ] CVE-2014-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502 [ 4 ] CVE-2014-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503 [ 5 ] CVE-2014-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504 [ 6 ] CVE-2014-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506 [ 7 ] CVE-2014-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507 [ 8 ] CVE-2014-0508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508 [ 9 ] CVE-2014-0509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509 [ 10 ] CVE-2014-0515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:0447-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0447.html Issue date: 2014-04-29 CVE Names: CVE-2014-0515 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.356-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.356-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.356-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.356-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.356-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.356-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.356-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.356-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.356-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.356-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0515.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-13.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTYCvjXlSAg2UNWIIRAo9cAJ9+xjq+IArfYWnElZ3eS4DDSMRNfgCfTUtG +MNXS/YC8jqbPt7rn6VE0cA= =5N+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks. InduSoft Web Studio 7.1 is vulnerable; other versions may also be affected

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. A cross-site scripting vulnerability exists in Siemens SIMATIC S7-1200. Because some unspecified input is not properly filtered before being used, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session at the affected site. Siemens SIMATIC S7-1200 is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input before being returned to the user. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SIMATIC S7-1200 versions 2.x and 3.x are vulnerable. Siemens SIMATIC S7-1200 is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. HP Integrated Lights-Out is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04244787 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04244787 Version: 1 HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-24 Last Updated: 2014-04-24 Potential Security Impact: Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). iLO 2 servers are not vulnerable to CVE-2014-0160. References: CVE-2014-2601, SSRT101509 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-2601 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following firmware updates available to resolve this vulnerability: Please note that this firmware update does not apply to p-class blades (BL20p G4, BL25p G2, and BL45p G2). A separate firmware release will be made available for those systems. Online ROM Flash Component for Windows x86 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1443420321/v96367 Online ROM Flash Component for Windows x64 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p2023401934/v96368 Linux Online Flash Component ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p1285463034/v96369 HISTORY Version:1 (rev.1) - 24 April 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlNZIVMACgkQ4B86/C0qfVlLDgCeLGHy2eFzRdumcQvrJ2BPQ7Tv 4XkAmwamdnoBJwk4PWXXgd5MTFQ7kYCP =XOP2 -----END PGP SIGNATURE-----

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. Since some unknown input is not properly filtered before being used to display the HTTP header, the attacker can use the HTTP header of the vulnerability to send the response to the user. Siemens SIMATIC S7-1200 is prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. SIMATIC S7-1200 2.x and 3.x versions are vulnerable. Siemens SIMATIC S7-1200 is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. Cisco IOS Has an interface ACL A vulnerability exists that circumvents the restriction. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue allows remote attackers to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCty73682

Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. The Cisco ASR 1000 Series Aggregation Services Routers drive the transformation of service providers and enterprise network edge areas with their compact form factor, industry-leading performance, instant service capabilities and high smoothness. The Cisco ASR 1000 Series Routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub55948

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary: A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) * struts2: ClassLoader manipulation via request parameters (CVE-2014-0112) * jetty: HTTP request smuggling (CVE-2017-7657) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters 1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper 1595620 - CVE-2017-7657 jetty: HTTP request smuggling 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112 - ------------------------------------------------------------------------ 1. Summary VMware product updates address security vulnerabilities in Apache Struts library 2. Relevant releases VMware vCenter Operations Management Suite prior to 5.8.2 3. Problem Description a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0050, CVE-2014-0094, and CVE-2014-0112 to these issues. CVE-2014-0112 may lead to remote code execution. This issue was found to be only partially addressed in CVE-2014-0094. CVE-2014-0050 may lead to a denial of service condition. vCenter Operations Management Suite (vCOps) is affected by both CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112 may lead to remote code execution without authentication. vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not by CVE-2014-0112. Workaround A workaround for CVE-2014-0112 is documented in VMware Knowledge Base article 2081470. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= ================= vCOPS 5.8.x any vCOPS 5.8.2 vCOPS 5.7.x any patch pending * vCO 5.5 any patch pending vCO 5.1 any patch pending vCO 4.2 any patch pending *Customers are advised to apply the workaround or update to vCOps 5.8.2. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. vCenter Operations Management Suite 5.8.2 ----------------------------------------- Downloads and Documentation: https://www.vmware.com/go/download-vcops 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112 http://kb.vmware.com/kb/2081470 - ------------------------------------------------------------------------ 6. Change log 2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8 wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----

SITECOM WLR-4000/ WLR-4004 is a router. Multiple Sitecom products have an Admin cryptographic key security restriction bypass vulnerability, as the device generates a predictive way of managing passwords and WPA2 passphrases. Allows remote attackers to more easily obtain this information, allowing them to potentially access the device. This may lead to other attacks. The following products are vulnerable: Sitecom WLR-4000 v1 001 Sitecom WLR-4004 v1 001

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ImageData objects. In certain conditions, an attacker would be able to read and write pixel data. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Chrome 34.0.1847.131 and 34.0.1847.132 are vulnerable. Google Chrome is a web browser developed by Google (Google). An integer overflow vulnerability exists in the api.cc file of Google V8. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2920-1 security@debian.org http://www.debian.org/security/ Michael Gilbert May 03, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733 CVE-2014-1734 CVE-2014-1735 CVE-2014-1736 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1730 A type confusion issue was discovered in the v8 javascript library. CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. CVE-2014-1732 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2014-1733 Jed Davis discovered a way to bypass the seccomp-bpf sandbox. CVE-2014-1734 The Google Chrome development team discovered and fixed multiple issues with potential security impact. CVE-2014-1735 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library. CVE-2014-1736 SkyLined discovered an integer overlflow issue in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTZWJ6AAoJELjWss0C1vRzK+sgALIEDCn9Ud3owKNxdM6sglkB /yx9toTplWx2reGXn4qyfNPtxQMbS9AyIhcLEKMbIIrXaEY9CjB+JhfP6IC0RPCJ NLPd21uDo63LhiCkgtbNgftPcDK6NwaPy67Uui64zI/MkB6me4C3ECZB2nxmjNAO 0OJQMDQv217ei1w8QCIofouUbJU4Vq56mxpX7tEVUPJkgA6FE4aUNcrxKcKhdnxU WtUW49d1Q+6RcJjthugyWppzb9N+0ClxNpRADzMa5jgaiQxEBuRJewipiJhTQg5l XTB2o6V8G/+NWEqTJPe7t+QKwERE9yUp4pyiwMolttJffKm7ipgbDdIHTan/LYfu A5CQFT7cre7l4r90YtgAo/da/kwDs6whTAoiFb6hxhLLgarpsO5WjMFrCeGHZek1 weOMO6VbhLDaHJHKQOnIy2shhG850OX4twLznOnqZ2x3XcurhqjZEg8XaiFRQiPU p8d2Qy25XraAQ8fG71LKN7M5h6q8yWkofZFrVysNOSu7zeadZUfmO7OXE9vO4Gqu bA8P/1ihaH0+KcUJsd7yP0Lv+avtww++/4Ak1msUn95OiOynjuJ1e5VtEQFFyRDj fRWcJcG1ssKCIKB8lSuqVXcEyYDS5LpfRTcWJq/6Jutz+N5axWYlDBMZwq75CULR EkW6oUrZtq9dACLTBNtRqPF7ClBV6x42lgZ3nfKTly84/nS3tpsfQv8oKDRsckzm GsJPl/DKm/D73kJyZEqYChxiKE3i4WYmsjltcCXQi0PJzEqGnvFaWsAPISD3EEYz nIwpjBMXAYFyVwp16UcNj7uVjlf9ZQetY5dVEF//I3jjTUMWFadHQ0IYZaHpYRle ZC0fKv6xqGN5krE6ommWvAgkLlQdlupU+FT8abaXWyrnWTHTGi2bOFe0wlXzdUPh gp7zgaOehCI7CsMUxK8VeRXF19K4x1KfGUA+VVUsvXF5G5D6Ucowybi6ObTPqFDA LHDrIIL44cnPU4BqZ/KRfN/f0hfu1hHHD7TmonHbt7JeWIFqEWDvtDI4hx4kjaYc nHt1ZyK2YyGRZwJ8drhJi1+iYSRApx36nvIOZn6fa8rZDCqE1VObPOr6lyexuhge tnTDQta21hkXnyTEs/lYRbWK4K0KK4AXyWCtbiAJOe65/9eSd5Yq48dbfPBLUJSe XKFKhkTo0FNDLB2MsgVikTptvpiFG8dwoOrWqCBz9z23eAhFmVGM/vciNBLNyy2B QtSLd4+VSd/za51sldpN6ZFG4CTm6Z5NWGEnNxptHw5iE6cQHior+snS65HzbsQ5 ykJ5HqSGIsGLSkdeKC44XOfBUU9jU14llMOdf5OKx9vfmX/Hl3T0Z+jWwHpKpWk= =/B/T -----END PGP SIGNATURE-----

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. Festo CECX-X-C1 and CECX-X-M1 are modular air-sourced controllers. Attackers can exploit these issues to bypass authentication mechanism and gain unauthorized access. Successful exploits may allow attackers to execute arbitrary code, causing a denial-of-service condition. http://drupal.org/node/207891

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Festo CECX-X-C1 and CECX-X-M1 are modular air source controllers. Attackers can exploit these issues to bypass authentication mechanism and gain unauthorized access. http://drupal.org/node/207891

The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Chrome 34.0.1847.131 and 34.0.1847.132 are vulnerable. Google Chrome is a web browser developed by Google (Google). Caused by the program not merging blocks correctly. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2920-1 security@debian.org http://www.debian.org/security/ Michael Gilbert May 03, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733 CVE-2014-1734 CVE-2014-1735 CVE-2014-1736 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1730 A type confusion issue was discovered in the v8 javascript library. CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. CVE-2014-1732 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2014-1733 Jed Davis discovered a way to bypass the seccomp-bpf sandbox. CVE-2014-1735 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library. CVE-2014-1736 SkyLined discovered an integer overlflow issue in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTZWJ6AAoJELjWss0C1vRzK+sgALIEDCn9Ud3owKNxdM6sglkB /yx9toTplWx2reGXn4qyfNPtxQMbS9AyIhcLEKMbIIrXaEY9CjB+JhfP6IC0RPCJ NLPd21uDo63LhiCkgtbNgftPcDK6NwaPy67Uui64zI/MkB6me4C3ECZB2nxmjNAO 0OJQMDQv217ei1w8QCIofouUbJU4Vq56mxpX7tEVUPJkgA6FE4aUNcrxKcKhdnxU WtUW49d1Q+6RcJjthugyWppzb9N+0ClxNpRADzMa5jgaiQxEBuRJewipiJhTQg5l XTB2o6V8G/+NWEqTJPe7t+QKwERE9yUp4pyiwMolttJffKm7ipgbDdIHTan/LYfu A5CQFT7cre7l4r90YtgAo/da/kwDs6whTAoiFb6hxhLLgarpsO5WjMFrCeGHZek1 weOMO6VbhLDaHJHKQOnIy2shhG850OX4twLznOnqZ2x3XcurhqjZEg8XaiFRQiPU p8d2Qy25XraAQ8fG71LKN7M5h6q8yWkofZFrVysNOSu7zeadZUfmO7OXE9vO4Gqu bA8P/1ihaH0+KcUJsd7yP0Lv+avtww++/4Ak1msUn95OiOynjuJ1e5VtEQFFyRDj fRWcJcG1ssKCIKB8lSuqVXcEyYDS5LpfRTcWJq/6Jutz+N5axWYlDBMZwq75CULR EkW6oUrZtq9dACLTBNtRqPF7ClBV6x42lgZ3nfKTly84/nS3tpsfQv8oKDRsckzm GsJPl/DKm/D73kJyZEqYChxiKE3i4WYmsjltcCXQi0PJzEqGnvFaWsAPISD3EEYz nIwpjBMXAYFyVwp16UcNj7uVjlf9ZQetY5dVEF//I3jjTUMWFadHQ0IYZaHpYRle ZC0fKv6xqGN5krE6ommWvAgkLlQdlupU+FT8abaXWyrnWTHTGi2bOFe0wlXzdUPh gp7zgaOehCI7CsMUxK8VeRXF19K4x1KfGUA+VVUsvXF5G5D6Ucowybi6ObTPqFDA LHDrIIL44cnPU4BqZ/KRfN/f0hfu1hHHD7TmonHbt7JeWIFqEWDvtDI4hx4kjaYc nHt1ZyK2YyGRZwJ8drhJi1+iYSRApx36nvIOZn6fa8rZDCqE1VObPOr6lyexuhge tnTDQta21hkXnyTEs/lYRbWK4K0KK4AXyWCtbiAJOe65/9eSd5Yq48dbfPBLUJSe XKFKhkTo0FNDLB2MsgVikTptvpiFG8dwoOrWqCBz9z23eAhFmVGM/vciNBLNyy2B QtSLd4+VSd/za51sldpN6ZFG4CTm6Z5NWGEnNxptHw5iE6cQHior+snS65HzbsQ5 ykJ5HqSGIsGLSkdeKC44XOfBUU9jU14llMOdf5OKx9vfmX/Hl3T0Z+jWwHpKpWk= =/B/T -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: August 30, 2014 Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276 ID: 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94" References ========== [ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Chrome 34.0.1847.131 and 34.0.1847.132 are vulnerable. Google Chrome is a web browser developed by Google (Google). An attacker could exploit this vulnerability to cause a denial of service or other effects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2920-1 security@debian.org http://www.debian.org/security/ Michael Gilbert May 03, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733 CVE-2014-1734 CVE-2014-1735 CVE-2014-1736 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1730 A type confusion issue was discovered in the v8 javascript library. CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. CVE-2014-1732 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2014-1733 Jed Davis discovered a way to bypass the seccomp-bpf sandbox. CVE-2014-1735 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library. CVE-2014-1736 SkyLined discovered an integer overlflow issue in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTZWJ6AAoJELjWss0C1vRzK+sgALIEDCn9Ud3owKNxdM6sglkB /yx9toTplWx2reGXn4qyfNPtxQMbS9AyIhcLEKMbIIrXaEY9CjB+JhfP6IC0RPCJ NLPd21uDo63LhiCkgtbNgftPcDK6NwaPy67Uui64zI/MkB6me4C3ECZB2nxmjNAO 0OJQMDQv217ei1w8QCIofouUbJU4Vq56mxpX7tEVUPJkgA6FE4aUNcrxKcKhdnxU WtUW49d1Q+6RcJjthugyWppzb9N+0ClxNpRADzMa5jgaiQxEBuRJewipiJhTQg5l XTB2o6V8G/+NWEqTJPe7t+QKwERE9yUp4pyiwMolttJffKm7ipgbDdIHTan/LYfu A5CQFT7cre7l4r90YtgAo/da/kwDs6whTAoiFb6hxhLLgarpsO5WjMFrCeGHZek1 weOMO6VbhLDaHJHKQOnIy2shhG850OX4twLznOnqZ2x3XcurhqjZEg8XaiFRQiPU p8d2Qy25XraAQ8fG71LKN7M5h6q8yWkofZFrVysNOSu7zeadZUfmO7OXE9vO4Gqu bA8P/1ihaH0+KcUJsd7yP0Lv+avtww++/4Ak1msUn95OiOynjuJ1e5VtEQFFyRDj fRWcJcG1ssKCIKB8lSuqVXcEyYDS5LpfRTcWJq/6Jutz+N5axWYlDBMZwq75CULR EkW6oUrZtq9dACLTBNtRqPF7ClBV6x42lgZ3nfKTly84/nS3tpsfQv8oKDRsckzm GsJPl/DKm/D73kJyZEqYChxiKE3i4WYmsjltcCXQi0PJzEqGnvFaWsAPISD3EEYz nIwpjBMXAYFyVwp16UcNj7uVjlf9ZQetY5dVEF//I3jjTUMWFadHQ0IYZaHpYRle ZC0fKv6xqGN5krE6ommWvAgkLlQdlupU+FT8abaXWyrnWTHTGi2bOFe0wlXzdUPh gp7zgaOehCI7CsMUxK8VeRXF19K4x1KfGUA+VVUsvXF5G5D6Ucowybi6ObTPqFDA LHDrIIL44cnPU4BqZ/KRfN/f0hfu1hHHD7TmonHbt7JeWIFqEWDvtDI4hx4kjaYc nHt1ZyK2YyGRZwJ8drhJi1+iYSRApx36nvIOZn6fa8rZDCqE1VObPOr6lyexuhge tnTDQta21hkXnyTEs/lYRbWK4K0KK4AXyWCtbiAJOe65/9eSd5Yq48dbfPBLUJSe XKFKhkTo0FNDLB2MsgVikTptvpiFG8dwoOrWqCBz9z23eAhFmVGM/vciNBLNyy2B QtSLd4+VSd/za51sldpN6ZFG4CTm6Z5NWGEnNxptHw5iE6cQHior+snS65HzbsQ5 ykJ5HqSGIsGLSkdeKC44XOfBUU9jU14llMOdf5OKx9vfmX/Hl3T0Z+jWwHpKpWk= =/B/T -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: August 30, 2014 Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276 ID: 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94" References ========== [ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to Chrome 34.0.1847.131 and 34.0.1847.132 are vulnerable. Google Chrome is a web browser developed by Google (Google). A reuse-after-free vulnerability exists in the browser/ui/views/speech_recognition_bubble_views.cc file of Google Chrome 34.0.1847.130 and earlier versions based on Windows and OS X platforms and Google Chrome 34.0.1847.131 and earlier versions based on Linux platforms. A remote attacker can use the INPUT element to exploit this vulnerability to cause denial of service or other effects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2920-1 security@debian.org http://www.debian.org/security/ Michael Gilbert May 03, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-1730 CVE-2014-1731 CVE-2014-1732 CVE-2014-1733 CVE-2014-1734 CVE-2014-1735 CVE-2014-1736 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-1730 A type confusion issue was discovered in the v8 javascript library. CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. CVE-2014-1732 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2014-1733 Jed Davis discovered a way to bypass the seccomp-bpf sandbox. CVE-2014-1735 The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library. CVE-2014-1736 SkyLined discovered an integer overlflow issue in the v8 javascript library. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTZWJ6AAoJELjWss0C1vRzK+sgALIEDCn9Ud3owKNxdM6sglkB /yx9toTplWx2reGXn4qyfNPtxQMbS9AyIhcLEKMbIIrXaEY9CjB+JhfP6IC0RPCJ NLPd21uDo63LhiCkgtbNgftPcDK6NwaPy67Uui64zI/MkB6me4C3ECZB2nxmjNAO 0OJQMDQv217ei1w8QCIofouUbJU4Vq56mxpX7tEVUPJkgA6FE4aUNcrxKcKhdnxU WtUW49d1Q+6RcJjthugyWppzb9N+0ClxNpRADzMa5jgaiQxEBuRJewipiJhTQg5l XTB2o6V8G/+NWEqTJPe7t+QKwERE9yUp4pyiwMolttJffKm7ipgbDdIHTan/LYfu A5CQFT7cre7l4r90YtgAo/da/kwDs6whTAoiFb6hxhLLgarpsO5WjMFrCeGHZek1 weOMO6VbhLDaHJHKQOnIy2shhG850OX4twLznOnqZ2x3XcurhqjZEg8XaiFRQiPU p8d2Qy25XraAQ8fG71LKN7M5h6q8yWkofZFrVysNOSu7zeadZUfmO7OXE9vO4Gqu bA8P/1ihaH0+KcUJsd7yP0Lv+avtww++/4Ak1msUn95OiOynjuJ1e5VtEQFFyRDj fRWcJcG1ssKCIKB8lSuqVXcEyYDS5LpfRTcWJq/6Jutz+N5axWYlDBMZwq75CULR EkW6oUrZtq9dACLTBNtRqPF7ClBV6x42lgZ3nfKTly84/nS3tpsfQv8oKDRsckzm GsJPl/DKm/D73kJyZEqYChxiKE3i4WYmsjltcCXQi0PJzEqGnvFaWsAPISD3EEYz nIwpjBMXAYFyVwp16UcNj7uVjlf9ZQetY5dVEF//I3jjTUMWFadHQ0IYZaHpYRle ZC0fKv6xqGN5krE6ommWvAgkLlQdlupU+FT8abaXWyrnWTHTGi2bOFe0wlXzdUPh gp7zgaOehCI7CsMUxK8VeRXF19K4x1KfGUA+VVUsvXF5G5D6Ucowybi6ObTPqFDA LHDrIIL44cnPU4BqZ/KRfN/f0hfu1hHHD7TmonHbt7JeWIFqEWDvtDI4hx4kjaYc nHt1ZyK2YyGRZwJ8drhJi1+iYSRApx36nvIOZn6fa8rZDCqE1VObPOr6lyexuhge tnTDQta21hkXnyTEs/lYRbWK4K0KK4AXyWCtbiAJOe65/9eSd5Yq48dbfPBLUJSe XKFKhkTo0FNDLB2MsgVikTptvpiFG8dwoOrWqCBz9z23eAhFmVGM/vciNBLNyy2B QtSLd4+VSd/za51sldpN6ZFG4CTm6Z5NWGEnNxptHw5iE6cQHior+snS65HzbsQ5 ykJ5HqSGIsGLSkdeKC44XOfBUU9jU14llMOdf5OKx9vfmX/Hl3T0Z+jWwHpKpWk= =/B/T -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: August 30, 2014 Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276 ID: 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94" References ========== [ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5