VARIoT IoT vulnerabilities database
| VAR-201401-0055 | CVE-2013-2827 | Arbitrary DLL code download vulnerability in an ActiveX control in multiple WellinTech products |
Related entries in the VARIoT exploits database: VAR-E-201401-0379
CVSS V2: 7.5 | CVSS V3: - | Severity: HIGH
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kxClientDownload.ocx ActiveX control. An attacker can leverage this vulnerability to execute code under the context of the administrator. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Multiple WellinTech products are prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201403-0387 | CVE-2014-1912 | Buffer overflow vulnerability in the socket.recvfrom_into function in Modules/socketmodule.c in Python |
CVSS V2: 7.5 | CVSS V3: - | Severity: HIGH
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Python is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Python 2.7, 3.1, 3.2, and 3.3 are vulnerable. The language is scalable, supports modules and packages, and supports multiple platforms. Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Python 3.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"
All Python 2.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"
References
==========
[ 1 ] CVE-2013-1752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752
[ 2 ] CVE-2013-7338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338
[ 3 ] CVE-2014-1912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912
[ 4 ] CVE-2014-2667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667
[ 5 ] CVE-2014-4616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616
[ 6 ] CVE-2014-7185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185
[ 7 ] CVE-2014-9365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: python27 security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1064-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1064.html
Issue date: 2015-06-04
CVE Names: CVE-2013-1752 CVE-2013-1753 CVE-2014-1912
CVE-2014-4616 CVE-2014-4650 CVE-2014-7185
=====================================================================
1. Summary:
Updated python27 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
3. Description:
Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing. The python27 collection provides a stable release of
Python 2.7 with a number of additional utilities and database connectors
for MySQL and PostgreSQL.
The python27-python packages have been upgraded to upstream version 2.7.8,
which provides numerous bug fixes over the previous version. (BZ#1167912)
The following security issues were fixed in the python27-python component:
It was discovered that the socket.recvfrom_into() function failed to check
the size of the supplied buffer. This could lead to a buffer overflow when
the function was called with an insufficiently sized buffer.
(CVE-2014-1912)
It was discovered that the Python xmlrpclib module did not restrict the
size of gzip-compressed HTTP responses. A malicious XMLRPC server could
cause an XMLRPC client using xmlrpclib to consume an excessive amount of
memory. (CVE-2013-1753)
It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict the sizes of server responses. A malicious server could cause a
client using one of the affected modules to consume an excessive amount of
memory. (CVE-2013-1752)
It was discovered that the CGIHTTPServer module incorrectly handled URL
encoded paths. A remote attacker could use this flaw to execute scripts
outside of the cgi-bin directory, or disclose the source code of the
scripts in the cgi-bin directory. (CVE-2014-4650)
An integer overflow flaw was found in the way the buffer() function handled
its offset and size arguments. An attacker able to control these arguments
could use this flaw to disclose portions of the application memory or cause
it to crash. (CVE-2014-7185)
The following security issue was fixed in the python27-python and
python27-python-simplejson components:
A flaw was found in the way the json module handled negative index
arguments passed to certain functions (such as raw_decode()). An attacker
able to control the index value passed to one of the affected functions
could possibly use this flaw to disclose portions of the application
memory. (CVE-2014-4616)
In addition, this update adds the following enhancement:
* The python27 Software Collection now includes the python-wheel and
python-pip modules. (BZ#994189, BZ#1167902)
All python27 users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. All running python27
instances must be restarted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
994189 - Please create a python-pip build for the python 2.7 and 3.3 SCL environments on RHEL 6
1046170 - CVE-2013-1753 python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding
1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1062370 - CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
1112285 - CVE-2014-4616 python: missing boundary check in JSON module
1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read
1167912 - Update Python in python27 SCL to Python 2.7.8
1170993 - RPM macro rpm/macros.python2.python27 references non-existing /usr/lib/rpm/brp-scl-compress
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
python27-1.1-17.el6.src.rpm
python27-python-2.7.8-3.el6.src.rpm
python27-python-pip-1.5.6-5.el6.src.rpm
python27-python-setuptools-0.9.8-3.el6.src.rpm
python27-python-simplejson-3.2.0-2.el6.src.rpm
python27-python-wheel-0.24.0-2.el6.src.rpm
noarch:
python27-python-pip-1.5.6-5.el6.noarch.rpm
python27-python-setuptools-0.9.8-3.el6.noarch.rpm
python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64:
python27-1.1-17.el6.x86_64.rpm
python27-python-2.7.8-3.el6.x86_64.rpm
python27-python-debug-2.7.8-3.el6.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm
python27-python-devel-2.7.8-3.el6.x86_64.rpm
python27-python-libs-2.7.8-3.el6.x86_64.rpm
python27-python-simplejson-3.2.0-2.el6.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm
python27-python-test-2.7.8-3.el6.x86_64.rpm
python27-python-tools-2.7.8-3.el6.x86_64.rpm
python27-runtime-1.1-17.el6.x86_64.rpm
python27-scldevel-1.1-17.el6.x86_64.rpm
python27-tkinter-2.7.8-3.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
python27-1.1-20.el7.src.rpm
python27-python-2.7.8-3.el7.src.rpm
python27-python-pip-1.5.6-5.el7.src.rpm
python27-python-setuptools-0.9.8-5.el7.src.rpm
python27-python-simplejson-3.2.0-3.el7.src.rpm
python27-python-wheel-0.24.0-2.el7.src.rpm
noarch:
python27-python-pip-1.5.6-5.el7.noarch.rpm
python27-python-setuptools-0.9.8-5.el7.noarch.rpm
python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64:
python27-1.1-20.el7.x86_64.rpm
python27-python-2.7.8-3.el7.x86_64.rpm
python27-python-debug-2.7.8-3.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm
python27-python-devel-2.7.8-3.el7.x86_64.rpm
python27-python-libs-2.7.8-3.el7.x86_64.rpm
python27-python-simplejson-3.2.0-3.el7.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm
python27-python-test-2.7.8-3.el7.x86_64.rpm
python27-python-tools-2.7.8-3.el7.x86_64.rpm
python27-runtime-1.1-20.el7.x86_64.rpm
python27-scldevel-1.1-20.el7.x86_64.rpm
python27-tkinter-2.7.8-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
python27-1.1-20.el7.src.rpm
python27-python-2.7.8-3.el7.src.rpm
python27-python-pip-1.5.6-5.el7.src.rpm
python27-python-setuptools-0.9.8-5.el7.src.rpm
python27-python-simplejson-3.2.0-3.el7.src.rpm
python27-python-wheel-0.24.0-2.el7.src.rpm
noarch:
python27-python-pip-1.5.6-5.el7.noarch.rpm
python27-python-setuptools-0.9.8-5.el7.noarch.rpm
python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64:
python27-1.1-20.el7.x86_64.rpm
python27-python-2.7.8-3.el7.x86_64.rpm
python27-python-debug-2.7.8-3.el7.x86_64.rpm
python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm
python27-python-devel-2.7.8-3.el7.x86_64.rpm
python27-python-libs-2.7.8-3.el7.x86_64.rpm
python27-python-simplejson-3.2.0-3.el7.x86_64.rpm
python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm
python27-python-test-2.7.8-3.el7.x86_64.rpm
python27-python-tools-2.7.8-3.el7.x86_64.rpm
python27-runtime-1.1-20.el7.x86_64.rpm
python27-scldevel-1.1-20.el7.x86_64.rpm
python27-tkinter-2.7.8-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-1752
https://access.redhat.com/security/cve/CVE-2013-1753
https://access.redhat.com/security/cve/CVE-2014-1912
https://access.redhat.com/security/cve/CVE-2014-4616
https://access.redhat.com/security/cve/CVE-2014-4650
https://access.redhat.com/security/cve/CVE-2014-7185
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update
2015-006
OS X Yosemite v10.10.5 and Security Update 2015-006 is now available
and addresses the following:
apache
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most
serious of which may allow a remote attacker to cause a denial of
service.
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.16. These were addressed by updating Apache to version
2.4.16.
CVE-ID
CVE-2014-3581
CVE-2014-3583
CVE-2014-8109
CVE-2015-0228
CVE-2015-0253
CVE-2015-3183
CVE-2015-3185
apache_mod_php
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most
serious of which may lead to arbitrary code execution.
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.20. These were addressed by updating Apache to version 5.5.27.
CVE-ID
CVE-2015-2783
CVE-2015-2787
CVE-2015-3307
CVE-2015-3329
CVE-2015-3330
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
CVE-2015-4147
CVE-2015-4148
Apple ID OD Plug-in
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to change the password of a
local user
Description: In some circumstances, a state management issue existed
in password authentication. The issue was addressed through improved
state management.
CVE-ID
CVE-2015-3799 : an anonymous researcher working with HP's Zero Day
Initiative
AppleGraphicsControl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in AppleGraphicsControl which could
have led to the disclosure of kernel memory layout. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2015-5768 : JieTao Yang of KeenTeam
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in
IOBluetoothHCIController. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3779 : Teddy Reed of Facebook Security
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory management issue could have led to the
disclosure of kernel memory layout. This issue was addressed with
improved memory management.
CVE-ID
CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze
Networks
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious app may be able to access notifications from
other iCloud devices
Description: An issue existed where a malicious app could access a
Bluetooth-paired Mac or iOS device's Notification Center
notifications via the Apple Notification Center Service. The issue
affected devices using Handoff and logged into the same iCloud
account. This issue was resolved by revoking access to the Apple
Notification Center Service.
CVE-ID
CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security
Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng
Wang (Indiana University)
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: An attacker with privileged network position may be able to
perform denial of service attack using malformed Bluetooth packets
Description: An input validation issue existed in parsing of
Bluetooth ACL packets. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-3787 : Trend Micro
Bluetooth
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple buffer overflow issues existed in blued's
handling of XPC messages. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-3777 : mitp0sh of [PDX]
bootp
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may have
broadcast MAC addresses of previously accessed networks via the DNAv4
protocol. This issue was addressed through disabling DNAv4 on
unencrypted Wi-Fi networks.
CVE-ID
CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,
University of Oxford (on the EPSRC Being There project)
CloudKit
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to access the iCloud
user record of a previously signed in user
Description: A state inconsistency existed in CloudKit when signing
out users. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-3782 : Deepkanwal Plaha of University of Toronto
CoreMedia Playback
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in CoreMedia Playback.
These were addressed through improved memory handling.
CVE-ID
CVE-2015-5777 : Apple
CVE-2015-5778 : Apple
CoreText
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
curl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities in cURL and libcurl prior to
7.38.0, one of which may allow remote attackers to bypass the Same
Origin Policy.
Description: Multiple vulnerabilities existed in cURL and libcurl
prior to 7.38.0. These issues were addressed by updating cURL to
version 7.43.0.
CVE-ID
CVE-2014-3613
CVE-2014-3620
CVE-2014-3707
CVE-2014-8150
CVE-2014-8151
CVE-2015-3143
CVE-2015-3144
CVE-2015-3145
CVE-2015-3148
CVE-2015-3153
Data Detectors Engine
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a sequence of unicode characters can lead to an
unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in processing of
Unicode characters. These issues were addressed through improved
memory handling.
CVE-ID
CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)
Date & Time pref pane
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Applications that rely on system time may have unexpected
behavior
Description: An authorization issue existed when modifying the
system date and time preferences. This issue was addressed with
additional authorization checks.
CVE-ID
CVE-2015-3757 : Mark S C Smith
Dictionary Application
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: An attacker with a privileged network position may be able
to intercept users' Dictionary app queries
Description: An issue existed in the Dictionary app, which did not
properly secure user communications. This issue was addressed by
moving Dictionary queries to HTTPS.
CVE-ID
CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security
Team
DiskImages
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted DMG file may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption issue existed in parsing of
malformed DMG images. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team
dyld
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in dyld. This was
addressed through improved environment sanitization.
CVE-ID
CVE-2015-3760 : beist of grayhash, Stefan Esser
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-3804 : Apple
CVE-2015-5775 : Apple
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team
groff
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple issues in pdfroff
Description: Multiple issues existed in pdfroff, the most serious of
which may allow arbitrary filesystem modification. These issues were
addressed by removing pdfroff.
CVE-ID
CVE-2009-5044
CVE-2009-5078
ImageIO
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
TIFF images. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5758 : Apple
ImageIO
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Visiting a maliciously crafted website may result in the
disclosure of process memory
Description: An uninitialized memory access issue existed in
ImageIO's handling of PNG and TIFF images. Visiting a malicious
website may result in sending data from process memory to the
website. This issue is addressed through improved memory
initialization and additional validation of PNG and TIFF images.
CVE-ID
CVE-2015-5781 : Michal Zalewski
CVE-2015-5782 : Michal Zalewski
Install Framework Legacy
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An issue existed in how Install.framework's 'runner'
binary dropped privileges. This issue was addressed through improved
privilege management.
CVE-ID
CVE-2015-5784 : Ian Beer of Google Project Zero
Install Framework Legacy
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A race condition existed in
Install.framework's 'runner' binary that resulted in
privileges being incorrectly dropped. This issue was addressed
through improved object locking.
CVE-ID
CVE-2015-5754 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Memory corruption issues existed in IOFireWireFamily.
These issues were addressed through additional type input validation.
CVE-ID
CVE-2015-3769 : Ilja van Sprundel
CVE-2015-3771 : Ilja van Sprundel
CVE-2015-3772 : Ilja van Sprundel
IOGraphics
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in IOGraphics. This
issue was addressed through additional type input validation.
CVE-ID
CVE-2015-3770 : Ilja van Sprundel
CVE-2015-5783 : Ilja van Sprundel
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5774 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in the mach_port_space_info interface,
which could have led to the disclosure of kernel memory layout. This
was addressed by disabling the mach_port_space_info interface.
CVE-ID
CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,
@PanguTeam
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2015-3768 : Ilja van Sprundel
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to cause a system denial of service
Description: A resource exhaustion issue existed in the fasttrap
driver. This was addressed through improved memory handling.
CVE-ID
CVE-2015-5747 : Maxime VILLARD of m00nbsd
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to cause a system denial of service
Description: A validation issue existed in the mounting of HFS
volumes. This was addressed by adding additional checks.
CVE-ID
CVE-2015-5748 : Maxime VILLARD of m00nbsd
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute unsigned code
Description: An issue existed that allowed unsigned code to be
appended to signed code in a specially crafted executable file. This
issue was addressed through improved code signature validation.
CVE-ID
CVE-2015-3806 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A specially crafted executable file could allow unsigned,
malicious code to execute
Description: An issue existed in the way multi-architecture
executable files were evaluated that could have allowed unsigned code
to be executed. This issue was addressed through improved validation
of executable files.
CVE-ID
CVE-2015-3803 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute unsigned code
Description: A validation issue existed in the handling of Mach-O
files. This was addressed by adding additional checks.
CVE-ID
CVE-2015-3802 : TaiG Jailbreak Team
CVE-2015-3805 : TaiG Jailbreak Team
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted plist may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption existed in processing of malformed
plists. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein
(@jollyjinx) of Jinx Germany
Kernel
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed. This was addressed
through improved environment sanitization.
CVE-ID
CVE-2015-3761 : Apple
Libc
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted regular expression may lead
to an unexpected application termination or arbitrary code execution
Description: Memory corruption issues existed in the TRE library.
These were addressed through improved memory handling.
CVE-ID
CVE-2015-3796 : Ian Beer of Google Project Zero
CVE-2015-3797 : Ian Beer of Google Project Zero
CVE-2015-3798 : Ian Beer of Google Project Zero
Libinfo
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: Memory corruption issues existed in handling AF_INET6
sockets. These were addressed by improved memory handling.
CVE-ID
CVE-2015-5776 : Apple
libpthread
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in handling syscalls.
This issue was addressed through improved lock state checking.
CVE-ID
CVE-2015-5757 : Lufeng Li of Qihoo 360
libxml2
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in libxml2 versions prior
to 2.9.2, the most serious of which may allow a remote attacker to
cause a denial of service
Description: Multiple vulnerabilities existed in libxml2 versions
prior to 2.9.2. These were addressed by updating libxml2 to version
2.9.2.
CVE-ID
CVE-2012-6685 : Felix Groebert of Google
CVE-2014-0191 : Felix Groebert of Google
libxml2
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory access issue existed in libxml2. This was
addressed by improved memory handling.
CVE-ID
CVE-2014-3660 : Felix Groebert of Google
libxml2
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Apple
libxpc
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in handling of
malformed XPC messages. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-3795 : Mathew Rowley
mail_cmds
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary shell commands
Description: A validation issue existed in the mailx parsing of
email addresses. This was addressed by improved sanitization.
CVE-ID
CVE-2014-7844
Notification Center OSX
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A malicious application may be able to access all
notifications previously displayed to users
Description: An issue existed in Notification Center, which did not
properly delete user notifications. This issue was addressed by
correctly deleting notifications dismissed by users.
CVE-ID
CVE-2015-3764 : Jonathan Zdziarski
ntfs
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in NTFS. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze
Networks
OpenSSH
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Remote attackers may be able to circumvent a time delay for
failed login attempts and conduct brute-force attacks
Description: An issue existed when processing keyboard-interactive
devices. This issue was addressed through improved authentication
request validation.
CVE-ID
CVE-2015-5600
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in OpenSSL versions prior
to 0.9.8zg, the most serious of which may allow a remote attacker to
cause a denial of service.
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
perl
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted regular expression may lead to
disclosure of unexpected application termination or arbitrary code
execution
Description: An integer underflow issue existed in the way Perl
parsed regular expressions. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2013-7422
PostgreSQL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: An attacker may be able to cause unexpected application
termination or gain access to data without proper authentication
Description: Multiple issues existed in PostgreSQL 9.2.4. These
issues were addressed by updating PostgreSQL to 9.2.13.
CVE-ID
CVE-2014-0067
CVE-2014-8161
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
python
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in Python 2.7.6, the most
serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in Python versions
prior to 2.7.6. These were addressed by updating Python to version
2.7.10.
CVE-ID
CVE-2013-7040
CVE-2013-7338
CVE-2014-1912
CVE-2014-7185
CVE-2014-9365
QL Office
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted Office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing of Office
documents. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5773 : Apple
QL Office
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted XML file may lead to
disclosure of user information
Description: An external entity reference issue existed in XML file
parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
Quartz Composer Framework
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted QuickTime file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing of
QuickTime files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5771 : Apple
Quick Look
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Searching for a previously viewed website may launch the web
browser and render that website
Description: An issue existed where QuickLook had the capability to
execute JavaScript. The issue was addressed by disallowing execution
of JavaScript.
CVE-ID
CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole
QuickTime 7
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3772
CVE-2015-3779
CVE-2015-5753 : Apple
CVE-2015-5779 : Apple
QuickTime 7
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3765 : Joe Burnett of Audio Poison
CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-5751 : WalkerFuz
SceneKit
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Viewing a maliciously crafted Collada file may lead to
arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5772 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in SceneKit. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3783 : Haris Andrianakis of Google Security Team
Security
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A standard user may be able to gain access to admin
privileges without proper authentication
Description: An issue existed in handling of user authentication.
This issue was addressed through improved authentication checks.
CVE-ID
CVE-2015-3775 : [Eldon Ahrold]
SMBClient
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: A remote attacker may be able to cause unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the SMB client.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3773 : Ilja van Sprundel
Speech UI
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted unicode string with speech
alerts enabled may lead to an unexpected application termination or
arbitrary code execution
Description: A memory corruption issue existed in handling of
Unicode strings. This issue was addressed by improved memory
handling.
CVE-ID
CVE-2015-3794 : Adam Greenbaum of Refinitive
sudo
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in sudo versions prior to
1.7.10p9, the most serious of which may allow an attacker access to
arbitrary files
Description: Multiple vulnerabilities existed in sudo versions prior
to 1.7.10p9. These were addressed by updating sudo to version
1.7.10p9.
CVE-ID
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
CVE-2014-0106
CVE-2014-9680
tcpdump
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most
serious of which may allow a remote attacker to cause a denial of
service.
Description: Multiple vulnerabilities existed in tcpdump versions
prior to 4.7.3. These were addressed by updating tcpdump to version
4.7.3.
CVE-ID
CVE-2014-8767
CVE-2014-8769
CVE-2014-9140
Text Formats
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Parsing a maliciously crafted text file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
TextEdit parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team
udf
Available for: OS X Yosemite v10.10 to v10.10.4
Impact: Processing a maliciously crafted DMG file may lead to an
unexpected application termination or arbitrary code execution with
system privileges
Description: A memory corruption issue existed in parsing of
malformed DMG images. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-3767 : beist of grayhash
OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:
https://support.apple.com/en-us/HT205033
OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
This updates the python package to version 2.7.6, which fixes several
other bugs, including denial of service flaws due to unbound readline()
calls in the ftplib and nntplib modules (CVE-2013-1752).
Denial of service flaws due to unbound readline() calls in the imaplib,
poplib, and smtplib modules (CVE-2013-1752).
A gzip bomb and unbound read denial of service flaw in python XMLRPC
library (CVE-2013-1753).
Python is susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used as an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs.
Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).
When Python's standard library HTTP clients (httplib, urllib,
urllib2, xmlrpclib) are used to access resources with HTTPS, by
default the certificate is not checked against any trust store,
nor is the hostname in the certificate checked against the requested
host. It was possible to configure a trust root to be checked against,
however there were no faculties for hostname checking (CVE-2014-9365).
The python-pip and tix packages were added due to missing build
dependencies. The verification
of md5 checksums and GPG signatures is performed automatically for you.
For the stable distribution (wheezy), these problems have been fixed in
version 2.7.3-6+deb7u2.
For the unstable distribution (sid), these problems have been fixed in
version 2.7.6-7.
It was reported that a patch added to Python 3.2 caused a race
condition where a file could be created with world read/write
permissions instead of the permissions dictated by the original umask
of the process. This could allow a local attacker that could win the
race to view and edit files created by a program using this call. Note
that prior versions of Python, including 2.x, do not include the
vulnerable _get_masked_mode() function that is used by os.makedirs()
when exist_ok is set to True (CVE-2014-2667).
| VAR-201401-0402 | CVE-2014-0408 | Oracle Java SE In Hotspot Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. A denial-of-service (DoS) attack may be carried out. Oracle Java SE is prone to a remote security vulnerability.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Hotspot' sub-component.
This vulnerability affects the following supported versions:
Java SE 7u45 on OS X. Oracle Java SE is a standard version of the Java platform of Oracle Corporation, which is used to develop and deploy desktops, servers, and Java applications embedded in devices and real-time environments.
============================================================================
Ubuntu Security Notice USN-2089-1
January 23, 2014
openjdk-7 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description:
- openjdk-7: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783,
CVE-2013-5804, CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896,
CVE-2013-5910)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,
CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,
CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884,
CVE-2014-0368)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,
CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408,
CVE-2014-0422, CVE-2014-0428)
A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and availability. An attacker could exploit this to expose
sensitive data over the network or cause a denial of service.
(CVE-2014-0423)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.10.1
openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.10.1
openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.10.1
openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.10.1
openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.10.1
Ubuntu 13.04:
icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.13.04.2
openjdk-7-jre 7u51-2.4.4-0ubuntu0.13.04.2
openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.13.04.2
openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.13.04.2
openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.13.04.2
Ubuntu 12.10:
icedtea-7-jre-cacao 7u51-2.4.4-0ubuntu0.12.10.2
icedtea-7-jre-jamvm 7u51-2.4.4-0ubuntu0.12.10.2
openjdk-7-jre 7u51-2.4.4-0ubuntu0.12.10.2
openjdk-7-jre-headless 7u51-2.4.4-0ubuntu0.12.10.2
openjdk-7-jre-lib 7u51-2.4.4-0ubuntu0.12.10.2
openjdk-7-jre-zero 7u51-2.4.4-0ubuntu0.12.10.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2089-1
CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,
CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,
CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800,
CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805,
CVE-2013-5806, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817,
CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829,
CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849,
CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884,
CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910,
CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0408,
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.13.04.2
https://launchpad.net/ubuntu/+source/openjdk-7/7u51-2.4.4-0ubuntu0.12.10.2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
=================
-------------------------------------------------------------------
     Package                            /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  dev-java/sun-jdk                      <= 1.6.0.45    Vulnerable!
  2  dev-java/oracle-jdk-bin               < 1.7.0.51     >= 1.7.0.51 *
  3  dev-java/sun-jre-bin                  <= 1.6.0.45    Vulnerable!
  4  dev-java/oracle-jre-bin               < 1.7.0.51     >= 1.7.0.51 *
  5  app-emulation/emul-linux-x86-java     < 1.7.0.51     >= 1.7.0.51 *
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Impact
======
An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; e.g.
the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java
implementation, the packages can no longer be updated automatically.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201401-0373 | CVE-2014-0496 | Arbitrary code execution vulnerability in Adobe Reader and Acrobat on Windows and Mac OS X |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool
| VAR-201401-0372 | CVE-2014-0495 | Arbitrary code execution vulnerability in Adobe Reader and Acrobat on Windows and Mac OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool
| VAR-201401-0370 | CVE-2014-0493 | Arbitrary code execution vulnerability in Adobe Reader and Acrobat on Windows and Mac OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool
| VAR-201401-0369 | CVE-2014-0492 | Vulnerability in Adobe Flash Player and Adobe AIR that defeats the ASLR protection mechanism |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the jump operation code. The issue lies in the failure of the ActionScript Virtual Machine to properly sanitize values before jumping to them. An attacker can leverage this vulnerability to leak addresses from Flash.ocx within the current process.
Attackers can exploit this issue to gain access to sensitive information; this may aid in the execution of arbitrary code. Adobe AIR is a cross-platform runtime environment that can be used to build and configure cross-platform desktop rich Internet applications (RIAs). Address disclosure vulnerabilities exist in several Adobe products. Attackers can exploit this vulnerability to defeat the ASLR protection mechanism.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0028-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0028.html
Issue date: 2014-01-15
CVE Names: CVE-2014-0491 CVE-2014-0492
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes two security issues is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB14-02,
listed in the References section. Specially-crafted SWF content could
cause flash-plugin to crash or, potentially, execute arbitrary code when a
victim loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1053233 - CVE-2014-0491 flash-plugin: security protection bypass (APSB14-02)
1053235 - CVE-2014-0492 flash-plugin: memory address layout randomization defeat (APSB14-02)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.335-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.335-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.335-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.335-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0491.html
https://www.redhat.com/security/data/cve/CVE-2014-0492.html
https://access.redhat.com/security/updates/classification/#critical
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336"
References
==========
[ 1 ] CVE-2013-5329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329
[ 2 ] CVE-2013-5330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330
[ 3 ] CVE-2013-5331
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331
[ 4 ] CVE-2013-5332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332
[ 5 ] CVE-2014-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491
[ 6 ] CVE-2014-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492
[ 7 ] CVE-2014-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201402-06.xml
| VAR-201401-0368 | CVE-2014-0491 | Vulnerability in Adobe Flash Player and Adobe AIR that bypasses unspecified protection mechanisms |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Adobe AIR is a cross-platform runtime environment that can be used to build and configure cross-platform desktop rich Internet applications (RIAs). Permissions and access control vulnerabilities exist in several Adobe products.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0028-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0028.html
Issue date: 2014-01-15
CVE Names: CVE-2014-0491 CVE-2014-0492
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes two security issues is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB14-02,
listed in the References section. Specially-crafted SWF content could
cause flash-plugin to crash or, potentially, execute arbitrary code when a
victim loads a page containing the malicious SWF content. (CVE-2014-0491,
CVE-2014-0492)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.335.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1053233 - CVE-2014-0491 flash-plugin: security protection bypass (APSB14-02)
1053235 - CVE-2014-0492 flash-plugin: memory address layout randomization defeat (APSB14-02)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.335-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.335-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.335-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.335-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.335-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.335-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0491.html
https://www.redhat.com/security/data/cve/CVE-2014-0492.html
https://access.redhat.com/security/updates/classification/#critical
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file using Adobe Flash Player, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of
Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.336"
References
==========
[ 1 ] CVE-2013-5329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5329
[ 2 ] CVE-2013-5330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5330
[ 3 ] CVE-2013-5331
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331
[ 4 ] CVE-2013-5332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332
[ 5 ] CVE-2014-0491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491
[ 6 ] CVE-2014-0492
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492
[ 7 ] CVE-2014-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0497
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201402-06.xml
| VAR-201401-0279 | CVE-2013-6853 | Cross-site scripting vulnerability in clickstream.js of the Yahoo! Toolbar plug-in for Firefox |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. Yahoo! Toolbar for FireFox is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. Y! Toolbar (Yahoo! Toolbar) is a web browser toolbar from Yahoo! that can be used with Microsoft IE and Mozilla Firefox. It supports custom toolbars and lets users check email and browse weather forecasts, news, and other information anytime, anywhere.
CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox
on MAC Version 3.1.0.20130813024103 and Windows Version
2.5.9.2013418100420.
Report URL:
http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html
Cheers!
-D
| VAR-201401-0268 | CVE-2013-6646 | Denial-of-service (DoS) vulnerability in the Web Workers implementation of Google Chrome |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser and gain unauthorized access, spoof the displayed URI in the address bar, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 32.0.1700.76 are vulnerable.
Note: The issue described by CVE-2013-6643 has been moved to BID 64981 (Google Chrome CVE-2013-6643 Unspecified Security Vulnerability) for better documentation. Google Chrome is a web browser developed by Google. A remote attacker could exploit this vulnerability to cause a denial of service or other effects.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 33.0.1750.146 >= 33.0.1750.146
2 dev-lang/v8 < 3.20.17.13 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
References
==========
[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201403-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
February 16, 2014                      http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
CVE ID : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645
CVE-2013-6646 CVE-2013-6649 CVE-2013-6650
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6641
Atte Kettunen discovered a use-after-free issue in Blink/Webkit form
elements.
CVE-2013-6643
Joao Lucas Melo Brasio discovered a Google account information
disclosure issue related to the one-click sign-on feature.
CVE-2013-6644
The chrome development team discovered and fixed multiple issues with
potential security impact.
CVE-2013-6645
Khalil Zhani discovered a use-after-free issue related to speech input.
CVE-2013-6646
Colin Payne discovered a use-after-free issue in the web workers
implementation.
CVE-2013-6649
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
SVG implementation.
CVE-2013-6650
Christian Holler discovered a memory corruption in the v8 javascript
library.
For the stable distribution (wheezy), these problems have been fixed in
version 32.0.1700.123-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 32.0.1700.123-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
| VAR-201401-0267 | CVE-2013-6645 | Denial-of-service (DoS) vulnerability in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser and gain unauthorized access, spoof the displayed URI in the address bar, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 32.0.1700.76 are vulnerable.
Note: The issue described by CVE-2013-6643 has been moved to BID 64981 (Google Chrome CVE-2013-6643 Unspecified Security Vulnerability) for better documentation. Google Chrome is a web browser developed by Google. A remote attacker could exploit this vulnerability to cause a denial of service or other effects.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  www-client/chromium      < 33.0.1750.146          >= 33.0.1750.146
  2  dev-lang/v8               < 3.20.17.13                 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"
Gentoo has discontinued support for a separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
References
==========
[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201403-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201401-0266 | CVE-2013-6644 | Google Chrome denial-of-service (DoS) vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser and gain unauthorized access, spoof the displayed URI in the address bar, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 32.0.1700.76 are vulnerable.
Note: The issue described by CVE-2013-6643 has been moved to BID 64981 (Google Chrome CVE-2013-6643 Unspecified Security Vulnerability) for better documentation. Google Chrome is a web browser developed by Google. An attacker could exploit this vulnerability to cause a denial of service or other effects.
| VAR-201401-0265 | CVE-2013-6643 | Vulnerability in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome that triggers synchronization with an arbitrary Google account |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. Google Chrome is prone to an unspecified security vulnerability.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
Note: This issue was previously covered in BID 64805 (Google Chrome Prior to 32.0.1700.76 Multiple Security Vulnerabilities), but has been given its own record for better documentation. Google Chrome is a web browser developed by Google. A security vulnerability exists in the 'OneClickSigninBubbleView::WindowClosing' function. The vulnerability stems from the program's incorrect handling of untrusted login confirmation boxes. An attacker could exploit this vulnerability to sync any Google account.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  www-client/chromium      < 33.0.1750.146          >= 33.0.1750.146
  2  dev-lang/v8               < 3.20.17.13                 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
References
==========
[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201403-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
February 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
CVE ID : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645
CVE-2013-6646 CVE-2013-6649 CVE-2013-6650
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6641
Atte Kettunen discovered a use-after-free issue in Blink/Webkit form
elements.
CVE-2013-6643
Joao Lucas Melo Brasio discovered a Google account information
disclosure issue related to the one-click sign-on feature.
CVE-2013-6644
The chrome development team discovered and fixed multiple issues with
potential security impact.
CVE-2013-6645
Khalil Zhani discovered a use-after-free issue related to speech input.
CVE-2013-6646
Colin Payne discovered a use-after-free issue in the web workers
implementation.
CVE-2013-6649
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
SVG implementation.
CVE-2013-6650
Christian Holler discovered a memory corruption in the v8 javascript
library.
For the stable distribution (wheezy), these problems have been fixed in
version 32.0.1700.123-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 32.0.1700.123-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
| VAR-201401-0263 | CVE-2013-6641 | Denial-of-service (DoS) vulnerability in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser and gain unauthorized access, spoof the displayed URI in the address bar, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 32.0.1700.76 are vulnerable.
Note: The issue described by CVE-2013-6643 has been moved to BID 64981 (Google Chrome CVE-2013-6643 Unspecified Security Vulnerability) for better documentation. Google Chrome is a web browser developed by Google. Blink is a browser rendering engine jointly developed by Google and Opera Software. A remote attacker could exploit this vulnerability to cause a denial of service or other effects.
| VAR-201401-0130 | CVE-2013-5667 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product. NAS Server N8800 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.
Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands in the context of the affected application.
| VAR-201401-0131 | CVE-2013-5668 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product.
Successfully exploiting this issue may allow attackers to obtain sensitive information from the application, which may aid in further attacks.
| VAR-201401-0132 | CVE-2013-5669 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product.
Attackers can exploit this issue to gain access to the application credentials by sniffing network traffic through a man-in-the-middle attack. Successful exploits will lead to other attacks.
| VAR-201401-0429 | CVE-2014-1671 | SQL injection vulnerability in Dell KACE K1000 |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php. Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Dell Kace 1000 Systems Management Appliance 5.4.76847 is vulnerable; other versions may also be affected. Dell KACE K1000 is an IT equipment management solution in Dell's KACE systems management series. This solution provides functions such as software distribution, configuration management, patch installation, and security vulnerability remediation. The vulnerability is caused by the following: (1) the service/kbot_service.php script does not correctly filter the 'macAddress' element in the getUploadPath and getKBot SOAP requests; (2) the userui/advisory_detail.php and userui/ticket.php scripts do not filter the 'ID' parameter correctly; (3) the userui/ticket_list.php script does not filter the 'ORDER[]' parameter correctly.
| VAR-201401-0352 | CVE-2014-0647 | Vulnerability in the Starbucks application for iOS that allows information such as user names to be obtained |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. Starbucks is prone to an information-disclosure vulnerability.
Successfully exploiting this issue may allow attackers to obtain sensitive information from the application, which may aid in further attacks.
Starbucks 2.6.1 is vulnerable; other versions may also be affected. Starbucks is a mobile application for the iOS platform from Starbucks in the United States. The application supports automatic GPS positioning, browsing product introductions, viewing event information, and so on.
| VAR-201401-0665 | No CVE | NetGear N150 WNR1000v3 Password Recovery Feature Information Disclosure Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Feixun FWR-604H diagnosis.asp script failed to properly filter the 'system_command' parameter data, allowing remote attackers to exploit the vulnerability to execute arbitrary commands. Feixun FWR-604H is a 150M enhanced wireless router product from China Feixun.
A remote code execution vulnerability exists in Feixun FWR-604H. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device. Feixun FWR-604H version 1.0 is vulnerable; other versions may also be affected.
An information disclosure vulnerability exists in NetGear N150 WNR1000v3 running firmware 1.0.2.60_60.0.86, 1.0.2.54_60.0.82NA and 1.0.2.62_60.0.87. NetGear N150 WNR1000v3 is prone to an information-disclosure vulnerability.