drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in v8
Name: |
Mangelnde Rechteprüfung in v8 |
|
ID: |
FEDORA-2015-2310 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Sa, 14. März 2015, 00:13 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0278 |
|
Applikationen: |
V8 |
|
Originalnachricht |
Name : v8 Product : Fedora 20 Version : 3.14.5.10 Release : 17.fc20 URL : http://code.google.com/p/v8 Summary : JavaScript Engine Description : V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.
------------------------------------------------------------------------------- - Update Information:
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don't close interval timers when unrefd (Julien Gilli)
* timers: don't mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using "use strict" (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don't busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli) ------------------------------------------------------------------------------- - ChangeLog:
* Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-17 - backports for nodejs 0.10.36 * Mon Jan 26 2015 David Tardon <dtardon@redhat.com> - 1:3.14.5.10-16 - rebuild for ICU 54.1 * Tue Dec 2 2014 Tom Callaway <spot@fedoraproject.org> - 1:3.14.5.10-15 - use system valgrind header (bz1141483) * Wed Sep 17 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-14 - backport bugfix that eliminates unused-local-typedefs warning - backport security fix: Fix Hydrogen bounds check elimination (CVE-2013-6668; RHBZ#1086120) - backport fix to segfault caused by the above patch * Tue Aug 26 2014 David Tardon <dtardon@redhat.com> - 1:3.14.5.10-13 - rebuild for ICU 53.1 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.14.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 31 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-11 - backport security fix for memory corruption and stack overflow (RHBZ#1125464) https://groups.google.com/d/msg/nodejs/-siJEObdp10/2xcqqmTHiEMJ - backport bug fix for x64 MathMinMax for negative untagged int32 arguments. https://github.com/joyent/node/commit/3530fa9cd09f8db8101c4649cab03bcdf760c434 * Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-10 - fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528) * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.14.5.10-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-8 - use clock_gettime() instead of gettimeofday(), which increases V8 performance dramatically on virtual machines * Tue Mar 18 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-7 - backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704) * Mon Feb 24 2014 Tomas Hrcka <thrcka@redhat.com> - 1:3.14.5.10-6 - Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640) * Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-5 - rebuild for icu-52 * Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-4 - backport fix for enumeration for objects with lots of properties * Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-3 - backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1194651 - CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges https://bugzilla.redhat.com/show_bug.cgi?id=1194651 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update v8' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|