[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 2959-1] chromium-browser security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2959-1                   security@debian.org
http://www.debian.org/security/                           Michael Gilbert
June 14, 2014                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2014-3154 CVE-2014-3155 CVE-2014-3156 CVE-2014-3157

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2014-3154

    Collin Payne discovered a use-after-free issue in the filesystem API.

CVE-2014-3155

    James March, Daniel Sommermann, and Alan Frindell discovered several
    out-of-bounds read issues in the SPDY protocol implementation.

CVE-2014-3156

    Atte Kettunen discovered a buffer overflow issue in bitmap handling
    in the clipboard implementation.

CVE-2014-3157

    A heap-based buffer overflow issue was discovered in chromium's
    ffmpeg media filter.

In addition, this version corrects a regression in the previous update.
Support for older i386 processors had been dropped.  This functionality
is now restored.

For the stable distribution (wheezy), these problems have been fixed in
version 35.0.1916.153-1~deb7u1.

For the testing (jessie) and unstable (sid) distribution, these problems
have been fixed in version 35.0.1916.153-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJTnIzkAAoJELjWss0C1vRzk20f/3xH0L9p4hHsEb1i2nwj3U4R
Y88r+2XDp+foO5sR7PTLVm6xmO0LbdfNzJLghysP/8w4Kd62/nYjDZ0IsuNedJdk
k0ezzA6u+CHNK5QY2v6hjBgxvX0CFmstnF1+BMGSTG5Gd53cPpxlrQ/Xhsztxa0i
weC0s7dArKY0O1wJcruog0ayvlzl/c4+1s+Kha7T84F2aTMGQ1Ul678TvjH0r5/K
lRClxYPn3i6ETb2p5YA3thsgmb8qhIkC/S2mNirG0T5ghb2KJ9UuJRINikeTjCNe
/dRKG6dZiYBb1QUkWI/oAwUdyzjho3ua7oOyt6wLqCeq6/QTw869qOUBaDa4LhHr
YhC9lSggMs+4MM06Xlo2/4Rgm17tnU+T6ceoB4iVFjt3s1A1parPX1/IQESDTVoQ
yAViCXH/R6wvER5i5B7dZ5MJ4u3K629l6cW6rRBQ8fhG2njjcUDnqhgRIgyiBZ6/
WC9naPaYcA+fBTvq71iVk6IBLVG8/azccB4l2o73A99Hxxahg9sDDOAucobXIIb6
86npzVmhwgxUgTR8zDoZPLfBOMr/fMZKdfwr+3/1r+xRIU4N/nxBh7EHhz/2JPTX
DSaFNAIsSShOlOawJStq0q4dt/QgVZ/KZrLcQxNBXFbHZBZt+QC2tkWRYzFkTvUE
bSQN9iIfWKcamzuapTcwoN/a8sgYpTxuPQbgv9JWC974I88LyQI2/joHCcPms5Zw
aZmMp06j4peYDyVjSSjUUJEz6WuBK2PhBdScf7JI/bSy2D4G6HrEKa8yQ8VWbb2d
RvIQaI6J6oHPXQs6Wk/Oph9e7M7j8N+Jn4gsnjRuxmdngxeUDQdD6MwPYocp8R3S
ch8+OOrjrV6mhdJllOA4Or0+HnGDvEae0rR7xGFEZgAGzTTwM0Luu4Dxw5+a50M9
81tx2cAZGmLgS+0NOIthb3xFaKqAg6z//jeUOwamCQ7Y8/wtsqn9Z0G1m21BE81s
95aWlEWVuv0LK6JF+SMs5ZdGF8uMPgDVLTrsvd0ID+OIN+3r1DSGYs/rERbSRIts
1Gufd1FW5/jst6EPdXKEyqstMgdGNVyjYqsBFvPmpkHVl0n/fwr+0oC7GFHwgZhw
vOT0SW6d75T6pBY1LZHx4HU/S0FI8aeK91OnbF2HYOE09UJjJFjAN/vvgcdOF7Wm
0REMyGfTRdXmADIr7bey2wtiqNdSFEU64P6/L1vK2g6afZhx9yYSxe1NgVc80oI1
fAvghpO6jZ81DYJBaTXAx4ZMg+6qHV4kr/34ZUbtqJmHE0zWcptvc34yIjetdkRK
ubJBir7LFDLHAKXtWw5OqALiinhTev2OZxTn2nKsvlAXkBhVxLh7XIzpnwcQMgA=
=ZO4y
-----END PGP SIGNATURE-----


Reply to: