Login
Newsletter
Werbung

Sicherheit: Denial of Service in v8
Aktuelle Meldungen Distributionen
Name: Denial of Service in v8
ID: FEDORA-2013-14205
Distribution: Fedora
Plattformen: Fedora 18
Datum: Do, 15. August 2013, 08:55
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2882
Applikationen: v8

Originalnachricht

Name        : v8
Product : Fedora 18
Version : 3.14.5.10
Release : 2.fc18
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is
used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.

-------------------------------------------------------------------------------
-
Update Information:

This update fixes an issue with Google V8, as used in Google Chrome before
28.0.1500.95, which allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."

Please note that this issue's impact on Node.js is somewhat lessened since
it
does not typically execute JavaScript from foreign sources.
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Aug 2 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1:3.14.5.10-2
- backport fix for remote DoS or unspecified other impact via type confusion
(RHBZ#991116; CVE-2013-2882)
* Wed May 29 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1:3.14.5.10-1
- new upstream release 3.14.5.10
* Mon May 6 2013 Stanislav Ochotnicky <sochotnicky@redhat.com> -
1:3.14.5.8-2
- Fix ownership of include directory (#958729)
* Fri Mar 22 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1:3.14.5.8-1
- new upstream release 3.14.5.8
- backport security fix for remote DoS via crafted javascript (RHBZ#924495;
CVE-2013-2632)
* Mon Mar 11 2013 Stephen Gallagher <sgallagh@redhat.com> - 1:3.14.5.7-3
- Update to v8 3.14.5.7 for Node.js 0.10.0
* Sat Jan 26 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1:3.13.7.5-2
- rebuild for icu-50
- ignore new GCC 4.8 warning
* Tue Dec 4 2012 Tom Callaway <spot@fedoraproject.org> - 1:3.13.7.5-1
- update to 3.13.7.5 (needed for chromium 23)
- Resolves multiple security issues (CVE-2012-5120, CVE-2012-5128)
- d8 is now using a static libv8, resolves bz 881973)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #991116 - CVE-2013-2882 v8: remote DoS or unspecified other impact
via type confusion
https://bugzilla.redhat.com/show_bug.cgi?id=991116
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung