Gentoo: 201309-16 Chromium, V8: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Gentoo Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201309-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, V8: Multiple vulnerabilities
     Date: September 24, 2013
     Bugs: #442096, #444826, #445246, #446944, #451334, #453610,
           #458644, #460318, #460776, #463426, #470920, #472350,
           #476344, #479048, #481990
       ID: 201309-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Chromium and V8, some of
which may allow execution of arbitrary code.

Background
==========

Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 29.0.1457.57         >= 29.0.1457.57
  2  dev-lang/v8                < 3.18.5.14              >= 3.18.5.14
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.

Impact
======

A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other,
unspecified, impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57"

All V8 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14"

References
==========

[   1 ] CVE-2012-5116
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116
[   2 ] CVE-2012-5117
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117
[   3 ] CVE-2012-5118
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118
[   4 ] CVE-2012-5119
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119
[   5 ] CVE-2012-5120
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120
[   6 ] CVE-2012-5121
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121
[   7 ] CVE-2012-5122
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122
[   8 ] CVE-2012-5123
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123
[   9 ] CVE-2012-5124
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124
[  10 ] CVE-2012-5125
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125
[  11 ] CVE-2012-5126
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126
[  12 ] CVE-2012-5127
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127
[  13 ] CVE-2012-5128
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128
[  14 ] CVE-2012-5130
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130
[  15 ] CVE-2012-5132
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132
[  16 ] CVE-2012-5133
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133
[  17 ] CVE-2012-5135
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135
[  18 ] CVE-2012-5136
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136
[  19 ] CVE-2012-5137
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137
[  20 ] CVE-2012-5138
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138
[  21 ] CVE-2012-5139
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139
[  22 ] CVE-2012-5140
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140
[  23 ] CVE-2012-5141
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141
[  24 ] CVE-2012-5142
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142
[  25 ] CVE-2012-5143
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143
[  26 ] CVE-2012-5144
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144
[  27 ] CVE-2012-5145
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145
[  28 ] CVE-2012-5146
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146
[  29 ] CVE-2012-5147
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147
[  30 ] CVE-2012-5148
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148
[  31 ] CVE-2012-5149
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149
[  32 ] CVE-2012-5150
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150
[  33 ] CVE-2012-5151
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151
[  34 ] CVE-2012-5152
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152
[  35 ] CVE-2012-5153
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153
[  36 ] CVE-2012-5154
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154
[  37 ] CVE-2013-0828
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828
[  38 ] CVE-2013-0829
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829
[  39 ] CVE-2013-0830
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830
[  40 ] CVE-2013-0831
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831
[  41 ] CVE-2013-0832
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832
[  42 ] CVE-2013-0833
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833
[  43 ] CVE-2013-0834
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834
[  44 ] CVE-2013-0835
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835
[  45 ] CVE-2013-0836
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836
[  46 ] CVE-2013-0837
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837
[  47 ] CVE-2013-0838
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838
[  48 ] CVE-2013-0839
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839
[  49 ] CVE-2013-0840
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840
[  50 ] CVE-2013-0841
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841
[  51 ] CVE-2013-0842
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842
[  52 ] CVE-2013-0879
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879
[  53 ] CVE-2013-0880
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880
[  54 ] CVE-2013-0881
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881
[  55 ] CVE-2013-0882
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882
[  56 ] CVE-2013-0883
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883
[  57 ] CVE-2013-0884
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884
[  58 ] CVE-2013-0885
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885
[  59 ] CVE-2013-0887
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887
[  60 ] CVE-2013-0888
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888
[  61 ] CVE-2013-0889
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889
[  62 ] CVE-2013-0890
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890
[  63 ] CVE-2013-0891
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891
[  64 ] CVE-2013-0892
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892
[  65 ] CVE-2013-0893
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893
[  66 ] CVE-2013-0894
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894
[  67 ] CVE-2013-0895
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895
[  68 ] CVE-2013-0896
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896
[  69 ] CVE-2013-0897
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897
[  70 ] CVE-2013-0898
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898
[  71 ] CVE-2013-0899
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899
[  72 ] CVE-2013-0900
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[  73 ] CVE-2013-0902
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902
[  74 ] CVE-2013-0903
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903
[  75 ] CVE-2013-0904
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904
[  76 ] CVE-2013-0905
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905
[  77 ] CVE-2013-0906
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906
[  78 ] CVE-2013-0907
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907
[  79 ] CVE-2013-0908
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908
[  80 ] CVE-2013-0909
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909
[  81 ] CVE-2013-0910
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910
[  82 ] CVE-2013-0911
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911
[  83 ] CVE-2013-0912
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912
[  84 ] CVE-2013-0916
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916
[  85 ] CVE-2013-0917
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917
[  86 ] CVE-2013-0918
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918
[  87 ] CVE-2013-0919
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919
[  88 ] CVE-2013-0920
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920
[  89 ] CVE-2013-0921
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921
[  90 ] CVE-2013-0922
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922
[  91 ] CVE-2013-0923
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923
[  92 ] CVE-2013-0924
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924
[  93 ] CVE-2013-0925
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925
[  94 ] CVE-2013-0926
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926
[  95 ] CVE-2013-2836
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836
[  96 ] CVE-2013-2837
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837
[  97 ] CVE-2013-2838
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838
[  98 ] CVE-2013-2839
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839
[  99 ] CVE-2013-2840
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840
[ 100 ] CVE-2013-2841
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841
[ 101 ] CVE-2013-2842
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842
[ 102 ] CVE-2013-2843
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843
[ 103 ] CVE-2013-2844
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844
[ 104 ] CVE-2013-2845
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845
[ 105 ] CVE-2013-2846
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846
[ 106 ] CVE-2013-2847
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847
[ 107 ] CVE-2013-2848
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848
[ 108 ] CVE-2013-2849
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849
[ 109 ] CVE-2013-2853
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853
[ 110 ] CVE-2013-2855
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855
[ 111 ] CVE-2013-2856
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856
[ 112 ] CVE-2013-2857
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857
[ 113 ] CVE-2013-2858
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858
[ 114 ] CVE-2013-2859
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859
[ 115 ] CVE-2013-2860
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860
[ 116 ] CVE-2013-2861
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861
[ 117 ] CVE-2013-2862
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862
[ 118 ] CVE-2013-2863
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863
[ 119 ] CVE-2013-2865
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865
[ 120 ] CVE-2013-2867
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867
[ 121 ] CVE-2013-2868
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868
[ 122 ] CVE-2013-2869
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869
[ 123 ] CVE-2013-2870
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870
[ 124 ] CVE-2013-2871
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871
[ 125 ] CVE-2013-2874
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874
[ 126 ] CVE-2013-2875
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875
[ 127 ] CVE-2013-2876
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876
[ 128 ] CVE-2013-2877
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 129 ] CVE-2013-2878
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878
[ 130 ] CVE-2013-2879
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879
[ 131 ] CVE-2013-2880
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880
[ 132 ] CVE-2013-2881
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881
[ 133 ] CVE-2013-2882
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882
[ 134 ] CVE-2013-2883
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883
[ 135 ] CVE-2013-2884
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884
[ 136 ] CVE-2013-2885
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885
[ 137 ] CVE-2013-2886
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886
[ 138 ] CVE-2013-2887
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887
[ 139 ] CVE-2013-2900
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900
[ 140 ] CVE-2013-2901
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901
[ 141 ] CVE-2013-2902
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902
[ 142 ] CVE-2013-2903
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903
[ 143 ] CVE-2013-2904
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904
[ 144 ] CVE-2013-2905
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905
[ 145 ] Release Notes 23.0.1271.64

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html
[ 146 ] Release Notes 23.0.1271.91

http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
[ 147 ] Release Notes 23.0.1271.95

http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201309-16.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5