From 77892ec7ea2ebb6e1af0a7df542b71da7a981899 Mon Sep 17 00:00:00 2001 From: eadler Date: Mon, 26 May 2014 21:01:24 +0000 Subject: Undo my poor merge conflict editing. Reported by: rene, mat --- security/vuxml/vuln.xml | 238 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 238 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3cd6c9ec87f3..6a5e02b77877 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -89,6 +89,244 @@ Notes: + + openjpeg -- Multiple vulnabilities + + + openjpeg + 1.5.2 + + + + +

Openjpeg release notes report:

+
+

That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 + release.

+
+
+

That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, + CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, + where fixed in the 1.5.2 release.

+
+ +
+ + CVE-2012-3358 + CVE-2012-3535 + CVE-2013-1447 + CVE-2013-4289 + CVE-2013-4290 + CVE-2013-6045 + CVE-2013-6052 + CVE-2013-6053 + CVE-2013-6054 + CVE-2013-6887 + http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS + http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS + + + 2012-05-13 + 2014-05-24 + +
+ + + chromium -- multiple vulnerabilities + + + chromium + 35.0.1916.114 + + + + +

Google Chrome Releases reports:

+
+

23 security fixes in this release, including:

+
    +
  • [356653] High CVE-2014-1743: Use-after-free in styles. Credit + to cloudfuzzer.
  • +
  • [359454] High CVE-2014-1744: Integer overflow in audio. Credit + to Aaron Staple.
  • +
  • [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to + Atte Kettunen of OUSPG.
  • +
  • [364065] Medium CVE-2014-1746: Out-of-bounds read in media + filters. Credit to Holger Fuhrmannek.
  • +
  • [330663] Medium CVE-2014-1747: UXSS with local MHTML file. + Credit to packagesu.
  • +
  • [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. + Credit to Jordan Milne.
  • +
  • [374649] CVE-2014-1749: Various fixes from internal audits, + fuzzing and other initiatives.
  • +
  • [358057] CVE-2014-3152: Integer underflow in V8 fixed in + version 3.25.28.16.
  • +
+
+ +
+ + CVE-2014-1743 + CVE-2014-1744 + CVE-2014-1745 + CVE-2014-1746 + CVE-2014-1747 + CVE-2014-1748 + CVE-2014-1749 + CVE-2014-3152 + http://googlechromereleases.blogspot.nl/ + + + 2014-05-20 + 2014-05-20 + +
+ + + chromium -- multiple vulnerabilities + + + chromium + 34.0.1847.137 + + + + +

Google Chrome Releases reports:

+
+

3 security fixes in this release:

+
    +
  • [358038] High CVE-2014-1740: Use-after-free in WebSockets. + Credit to Collin Payne.
  • +
  • [349898] High CVE-2014-1741: Integer overflow in DOM ranges. + Credit to John Butler.
  • +
  • [356690] High CVE-2014-1742: Use-after-free in editing. Credit + to cloudfuzzer.
  • +
+
+ +
+ + CVE-2014-1740 + CVE-2014-1741 + CVE-2014-1742 + http://googlechromereleases.blogspot.nl/ + + + 2014-05-13 + 2014-05-14 + +
+ + + libXfont -- X Font Service Protocol and Font metadata file handling issues + + + libXfont + 1.4.7_3 + + + + +

Alan Coopersmith reports:

+
+

Ilja van Sprundel, a security researcher with IOActive, has + discovered several issues in the way the libXfont library + handles the responses it receives from xfs servers, and has + worked with X.Org's security team to analyze, confirm, and fix + these issues.

+

Most of these issues stem from libXfont trusting the font server + to send valid protocol data, and not verifying that the values + will not overflow or cause other damage. This code is commonly + called from the X server when an X Font Server is active in the + font path, so may be running in a setuid-root process depending + on the X server in use. Exploits of this path could be used by + a local, authenticated user to attempt to raise privileges; or + by a remote attacker who can control the font server to attempt + to execute code with the privileges of the X server.

+
+ +
+ + CVE-2014-0209 + CVE-2014-0210 + CVE-2014-0211 + http://lists.x.org/archives/xorg-announce/2014-May/002431.html + + + 2014-05-13 + 2014-05-13 + +
+ + + libxml2 -- lack of end-of-document check DoS + + + libxml2 + 2.8.0_5 + + + + +

CVE MITRE reports:

+
+

parser.c in libxml2 before 2.9.0, as used in Google + Chrome before 28.0.1500.71 and other products, allows remote + attackers to cause a denial of service (out-of-bounds read) + via a document that ends abruptly, related to the lack of + certain checks for the XML_PARSER_EOF state.

+
+ +
+ + CVE-2013-2877 + https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877 + https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 + + + 2013-04-11 + 2013-07-10 + +
+ + + libxml2 -- entity substitution DoS + + + libxml2 + 2.8.0_5 + + + + +

Stefan Cornelius reports:

+
+

It was discovered that libxml2, a library providing + support to read, modify and write XML files, incorrectly + performs entity substitution in the doctype prolog, even if + the application using libxml2 disabled any entity + substitution. A remote attacker could provide a + specially-crafted XML file that, when processed, would lead + to the exhaustion of CPU and memory resources or file + descriptors.

+

This issue was discovered by Daniel Berrange of Red Hat.

+
+ +
+ + CVE-2014-0191 + http://www.openwall.com/lists/oss-security/2014/05/06/4 + https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191 + + + 2013-12-03 + 2014-05-06 + +
+ OpenSSL -- NULL pointer dereference / DoS -- cgit
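Review bot: The topic of the first restored entry reads "openjpeg -- Multiple vulnabilities"; it should be "vulnerabilities", and a lowercase "multiple" would match the "chromium -- multiple vulnerabilities" topics further down the same hunk. In that entry's description, "where fixed in the 1.5.2 release" should read "were fixed", and the comma after CVE-2013-6887 can be dropped. Both chromium entries give only http://googlechromereleases.blogspot.nl/ as their reference; the blog front page changes with every release, so a link to the specific release post would keep the reference useful for someone checking 35.0.1916.114 or 34.0.1847.137 later. The commit message says these 238 lines undo a bad merge conflict resolution but does not name the commit that dropped them; citing it would let a reader confirm the restored entries match what was removed.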