-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0976
                     chromium-browser security update
                               16 June 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3157 CVE-2014-3156 CVE-2014-3155
                   CVE-2014-3154  

Reference:         ASB-2014.0067

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2959

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2959-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
June 14, 2014                          http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2014-3154 CVE-2014-3155 CVE-2014-3156 CVE-2014-3157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-3154

    Collin Payne discovered a use-after-free issue in the filesystem API.

CVE-2014-3155

    James March, Daniel Sommermann, and Alan Frindell discovered several
    out-of-bounds read issues in the SPDY protocol implementation.

CVE-2014-3156

    Atte Kettunen discovered a buffer overflow issue in bitmap handling
    in the clipboard implementation.

CVE-2014-3157

    A heap-based buffer overflow issue was discovered in chromium's
    ffmpeg media filter.

In addition, this version corrects a regression in the previous update.
Support for older i386 processors had been dropped.  This functionality
is now restored.

For the stable distribution (wheezy), these problems have been fixed in
version 35.0.1916.153-1~deb7u1.

For the testing (jessie) and unstable (sid) distributions, these problems
have been fixed in version 35.0.1916.153-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----