Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.702905
Categoría:Debian Local Security Checks
Título:Debian Security Advisory DSA 2905-1 (chromium-browser - security update)
Resumen:Several vulnerabilities were;discovered in the chromium web browser.;;CVE-2014-1716;A cross-site scripting issue was discovered in the v8 javascript;library.;;CVE-2014-1717;An out-of-bounds read issue was discovered in the v8 javascript;library.;;CVE-2014-1718;Aaron Staple discovered an integer overflow issue in chromium's;software compositor.;;CVE-2014-1719;Colin Payne discovered a use-after-free issue in the web workers;implementation.;;CVE-2014-1720;cloudfuzzer discovered a use-after-free issue in the Blink/Webkit;document object model implementation.;;CVE-2014-1721;Christian Holler discovered a memory corruption issue in the v8;javascript library.;;CVE-2014-1722;miaubiz discovered a use-after-free issue in block rendering.;;CVE-2014-1723;George McBay discovered a url spoofing issue.;;CVE-2014-1724;Atte Kettunen discovered a use-after-free issue in freebsoft's;libspeechd library.;;Because of this issue, the text-to-speech feature is now disabled;by default ('--enable-speech-dispatcher' at the command-line can;re-enable it).;;CVE-2014-1725;An out-of-bounds read was discovered in the base64 implementation.;;CVE-2014-1726;Jann Horn discovered a way to bypass the same origin policy.;;CVE-2014-1727;Khalil Zhani discovered a use-after-free issue in the web color;chooser implementation.;;CVE-2014-1728;The Google Chrome development team discovered and fixed multiple;issues with potential security impact.;;CVE-2014-1729;The Google Chrome development team discovered and fixed multiple;issues in version 3.24.35.22 of the v8 javascript library.
Descripción:Summary:
Several vulnerabilities were
discovered in the chromium web browser.

CVE-2014-1716
A cross-site scripting issue was discovered in the v8 javascript
library.

CVE-2014-1717
An out-of-bounds read issue was discovered in the v8 javascript
library.

CVE-2014-1718
Aaron Staple discovered an integer overflow issue in chromium's
software compositor.

CVE-2014-1719
Colin Payne discovered a use-after-free issue in the web workers
implementation.

CVE-2014-1720
cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
document object model implementation.

CVE-2014-1721
Christian Holler discovered a memory corruption issue in the v8
javascript library.

CVE-2014-1722
miaubiz discovered a use-after-free issue in block rendering.

CVE-2014-1723
George McBay discovered a url spoofing issue.

CVE-2014-1724
Atte Kettunen discovered a use-after-free issue in freebsoft's
libspeechd library.

Because of this issue, the text-to-speech feature is now disabled
by default ('--enable-speech-dispatcher' at the command-line can
re-enable it).

CVE-2014-1725
An out-of-bounds read was discovered in the base64 implementation.

CVE-2014-1726
Jann Horn discovered a way to bypass the same origin policy.

CVE-2014-1727
Khalil Zhani discovered a use-after-free issue in the web color
chooser implementation.

CVE-2014-1728
The Google Chrome development team discovered and fixed multiple
issues with potential security impact.

CVE-2014-1729
The Google Chrome development team discovered and fixed multiple
issues in version 3.24.35.22 of the v8 javascript library.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (wheezy),
these problems have been fixed in version 34.0.1847.116-1~
deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 34.0.1847.116-1.

We recommend that you upgrade your chromium-browser packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-1716
Debian Security Information: DSA-2905 (Google Search)
http://www.debian.org/security/2014/dsa-2905
http://security.gentoo.org/glsa/glsa-201408-16.xml
SuSE Security Announcement: openSUSE-SU-2014:0601 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1717
Common Vulnerability Exposure (CVE) ID: CVE-2014-1718
Common Vulnerability Exposure (CVE) ID: CVE-2014-1719
Common Vulnerability Exposure (CVE) ID: CVE-2014-1720
Common Vulnerability Exposure (CVE) ID: CVE-2014-1721
Common Vulnerability Exposure (CVE) ID: CVE-2014-1722
Common Vulnerability Exposure (CVE) ID: CVE-2014-1723
Common Vulnerability Exposure (CVE) ID: CVE-2014-1724
Common Vulnerability Exposure (CVE) ID: CVE-2014-1725
Common Vulnerability Exposure (CVE) ID: CVE-2014-1726
Common Vulnerability Exposure (CVE) ID: CVE-2014-1727
Common Vulnerability Exposure (CVE) ID: CVE-2014-1728
Common Vulnerability Exposure (CVE) ID: CVE-2014-1729
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.