Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0976 chromium-browser security update 16 June 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: chromium-browser Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-3157 CVE-2014-3156 CVE-2014-3155 CVE-2014-3154 Reference: ASB-2014.0067 Original Bulletin: http://www.debian.org/security/2014/dsa-2959 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2959-1 security@debian.org http://www.debian.org/security/ Michael Gilbert June 14, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-3154 CVE-2014-3155 CVE-2014-3156 CVE-2014-3157 Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-3154 Collin Payne discovered a use-after-free issue in the filesystem API. CVE-2014-3155 James March, Daniel Sommermann, and Alan Frindell discovered several out-of-bounds read issues in the SPDY protocol implementation. CVE-2014-3156 Atte Kettunen discovered a buffer overflow issue in bitmap handling in the clipboard implementation. CVE-2014-3157 A heap-based buffer overflow issue was discovered in chromium's ffmpeg media filter. In addition, this version corrects a regression in the previous update. Support for older i386 processors had been dropped. This functionality is now restored. For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.153-1~deb7u1. For the testing (jessie) and unstable (sid) distribution, these problems have been fixed in version 35.0.1916.153-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTnIzkAAoJELjWss0C1vRzk20f/3xH0L9p4hHsEb1i2nwj3U4R Y88r+2XDp+foO5sR7PTLVm6xmO0LbdfNzJLghysP/8w4Kd62/nYjDZ0IsuNedJdk k0ezzA6u+CHNK5QY2v6hjBgxvX0CFmstnF1+BMGSTG5Gd53cPpxlrQ/Xhsztxa0i weC0s7dArKY0O1wJcruog0ayvlzl/c4+1s+Kha7T84F2aTMGQ1Ul678TvjH0r5/K lRClxYPn3i6ETb2p5YA3thsgmb8qhIkC/S2mNirG0T5ghb2KJ9UuJRINikeTjCNe /dRKG6dZiYBb1QUkWI/oAwUdyzjho3ua7oOyt6wLqCeq6/QTw869qOUBaDa4LhHr YhC9lSggMs+4MM06Xlo2/4Rgm17tnU+T6ceoB4iVFjt3s1A1parPX1/IQESDTVoQ yAViCXH/R6wvER5i5B7dZ5MJ4u3K629l6cW6rRBQ8fhG2njjcUDnqhgRIgyiBZ6/ WC9naPaYcA+fBTvq71iVk6IBLVG8/azccB4l2o73A99Hxxahg9sDDOAucobXIIb6 86npzVmhwgxUgTR8zDoZPLfBOMr/fMZKdfwr+3/1r+xRIU4N/nxBh7EHhz/2JPTX DSaFNAIsSShOlOawJStq0q4dt/QgVZ/KZrLcQxNBXFbHZBZt+QC2tkWRYzFkTvUE bSQN9iIfWKcamzuapTcwoN/a8sgYpTxuPQbgv9JWC974I88LyQI2/joHCcPms5Zw aZmMp06j4peYDyVjSSjUUJEz6WuBK2PhBdScf7JI/bSy2D4G6HrEKa8yQ8VWbb2d RvIQaI6J6oHPXQs6Wk/Oph9e7M7j8N+Jn4gsnjRuxmdngxeUDQdD6MwPYocp8R3S ch8+OOrjrV6mhdJllOA4Or0+HnGDvEae0rR7xGFEZgAGzTTwM0Luu4Dxw5+a50M9 81tx2cAZGmLgS+0NOIthb3xFaKqAg6z//jeUOwamCQ7Y8/wtsqn9Z0G1m21BE81s 95aWlEWVuv0LK6JF+SMs5ZdGF8uMPgDVLTrsvd0ID+OIN+3r1DSGYs/rERbSRIts 1Gufd1FW5/jst6EPdXKEyqstMgdGNVyjYqsBFvPmpkHVl0n/fwr+0oC7GFHwgZhw vOT0SW6d75T6pBY1LZHx4HU/S0FI8aeK91OnbF2HYOE09UJjJFjAN/vvgcdOF7Wm 0REMyGfTRdXmADIr7bey2wtiqNdSFEU64P6/L1vK2g6afZhx9yYSxe1NgVc80oI1 fAvghpO6jZ81DYJBaTXAx4ZMg+6qHV4kr/34ZUbtqJmHE0zWcptvc34yIjetdkRK ubJBir7LFDLHAKXtWw5OqALiinhTev2OZxTn2nKsvlAXkBhVxLh7XIzpnwcQMgA= =ZO4y - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU54uQBLndAQH1ShLAQLPChAAgOx0eOAMvrMD4w2i1gNQNpBn9F/vOQ10 GfaecNMR9MSZhpEq/TJUF4Pzmfq0GhGmCWMqF7IrDTw7iVB9fP2EGRfwZoY0E3dS sgbe8r0bckMBH4g/GLp6lENmYZvJwQDNEjviiEmk66SLjHRKVES5ldREa0BXN1o2 5Q7/JnMZH+HcSzpZ2OD0b9QN2/zG9f9dU23WZIlDcNHCDSunA2q/nkA/AplP5GbI wltSKyFQ+Nuaha0pLA0FtfzbFFGAMZPO7b0i4hGLuSPijfjhqhni/IcEakx6AFIC WI5UjZdknK7yPg3NwllxUbFKFiYj05gnZnwktdIHeF/hi5+5Oyw/FZiyWaKehClo lUY8KzX45hzhw2IyB0NlrQaQNfLFyPNVKMiWj910UuosiASfMi6ngeL/GsutxwNY T+YEG74z8IdbJsFxudse8SPLMe9ikXSXVKSSuRr1bPRlQprT6m/TnWpW5Wp5Rghl SGunhUZjvExDHCO4J+S8wTiEesdkFVFgWpInPCCVGhbwE7RJMi9zqYnpZjTmT9Ju vOWCE0KSIOjh8R+FnFUEkKxfrbUAxXHUDcluEeSMilyMtGkSslMHqJQkpV0Z7x03 7OOwZWfaoaplKKDhb1auVcPzElSMKW+RZLeAJ1HZsFFpwA5ywuG977eJdU9LfZjv 6Jq+1GQ8Cmg= =0DTD -----END PGP SIGNATURE-----