Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0754 chromium-browser security update 19 May 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: chromium-browser Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-1742 CVE-2014-1741 CVE-2014-1740 Reference: ASB-2014.0060 Original Bulletin: http://www.debian.org/security/2014/dsa-2930 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2930-1 security@debian.org http://www.debian.org/security/ Michael Gilbert May 17, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-1740 CVE-2014-1741 CVE-2014-1742 Several vulnerabilties have been discovered in the chromium web browser. CVE-2014-1740 Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation. CVE-2014-1741 John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation. CVE-2014-1742 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit text editing feature. For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.137-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.137-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTd6vsAAoJELjWss0C1vRzzlwgAL0YcUYVeTRxkjLQZzr2dl5I JuSD4Fl3Of8mB1TCPki9u70HLI6joDROXjtWe8pqOO65T5eVVJzmnanUhuMytwRe Iv8s3k4PWgbjhJbZV/c3FYs/vhVn28zsJr1S4g8BSjT7AX90De32K2uqSzTbZ3dX hUPaYM0CTs2sJAo3hhcwmc/WbB5FDhonLTuZZtcuHnkcMRYZkxDT0BOB19fApP1Y OK+Xd9/cZhmFBY/Kn2IyOU2BQY0DX5xPe/E9PYGT5GHGd6FhrM+yDYOQgRoUEAxD iOsYZz++YhMmTSNEhPHmZw19q/wSR4ZE4EzP0gNju0k+wOCDvNySUUSPr6eSCXT7 03+Bi/+8j0gxKTfNt5Ot4Ihzb4m4/pukI0YTK52Oe1n30yV2Z3dEQMVFNQVkrv0z fmF7QoWskVYJZYqQot52OYllfCC1J2b/XRagdE06GkPEogh5G6vWIAbSXCm9LHsS k2I5Oob9oOtqlXWNY0ucKiOvNtjP7r/Dy2lErAH5GEPb/Enfq2qkBJRbfPuU0Lye xdlg1P0edzzCK1lrYobgVTZEsRByFy4hBYgx4soMTO1ZQrUmJ+B/97lY01EbCiO+ Z7Ary/r5vo1GEfMeZ51f8XtiJnJznW5Wo5yL+rrP6lWYSFKUAk+yDtUKzdf278Il lald0aEp6Vvl2o8Y16v32TLi0k7MVYEf2ffHw5cXr8Jn7QiQyxVEoVjhi5vDhPPe xZhB0Ss6FiyBlBLqtSJ8A9yNBW0u9UWgb3YEPvogdrEzbCS6WRkZpCSwHGdVaFYI O5P+6gAVm8Aeci1Y6aTg8gVRbjEGU2yHLRFXmvkanIz1MExcVDYB3HRb/MIKtn+U rklIVuWXrfQ50VMtSxFM/pC1bIC7PkdqC902LuSUEimACghN1QXGQnQgIVoUhvSw IGU5PCYSGVI0U9m/z35mOwumDX3JtkAPM1nZD+5LpY/h7IyWYjN9Br9QEuIlWunS QPD+kbSluAzKXJjtNny1Y+58vvG0jq1hMVPNY0BXtaVeJ2kmOu4ex8qobhWd3hcB YP+YfrTXFOsx5HmBxlJvFcsJ2QuP8wBPC66p+IcQT5q3ShpyDQVmAnjemCcM65rh AeP4dnKojkzPXE6vsEh4vbCbpudQ63ZsNUIRQr0/4K7tlkp9DVvw/78YON8VOhLZ 8QuybOkE3OBLsoMt2I0DaUwGJAJE29yswppYUAMifwvTUcCHTqFPgNxXc//hVWPK r71jJtg8iCLkFAiXZgmQvYl34yGc3kGpFlyq8C7AF9oNhnnp2LP3gpoEK5QHM1cz JWCpl9jcaCi+EM5MacwIlMdVhtSvx6dDzoAOCE5vFZ0a39ONShVDrKGFIJRzBSk= =y9a+ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU3mrHBLndAQH1ShLAQKe0w/+L4mk63+sJOn1EWNbhuT9s3M91KqcVvyB eOzAj/B+KQZgFVL1wszBWon1lukYb4UwYo3n+xDLCLzOGP7Xk+YoJpLhviUbciyF QahGInHai+5kSP/bj8cTX/dz72lCyTZmrX7ZlKS7FmY8rsMZ6YkC5/Bd2P57mEsi mkiIM4bewP0yF1pY+2XGOTNumVXf1ELJTUPeVb3hDb4grRC3F9e5k5mtLBPSJp1t OkPmbcJRSzpycC6o8rWQO/ZmIwP5r6ygUok9Da/CmWNiuamSq6KWLLIL9MLJDdWJ gaPS+RaQvvxbLmZ1lMYDYG5uGiI0IBiemdyqDlBOLucQ7P1qRdskpaS4T00Hq45D 57C9myaCPH7hdqGyLLtlBAr8ULQ/u89QCcqPGMvwdDNJXbzBUo2LXMSXSXyFUi/t lUMI/3OICCopWtX8nvY/ay8ghxagSXnHzO7B6fDvi7apuQvnAEt1CkrV/IMY3GDt wU5yrxNy3++t6PwqSr2r62giws68PZuY+pDr7YD8fgedYJs/AEnt2k1BXJqkiwDT nYklIbizHFHXrH0I8uvZT2Tb56LUgvKfhKflzHz4ab647kn4O9vs6C2qUJcR5us6 n4Q5n2SL2NT3Xo+pGQOqRr9wFQpwDJy4Av6ERAR5orWxehvpmgMW9JpW2LzjiIsw RAop7Z2gydI= =j6xo -----END PGP SIGNATURE-----