drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in v8
Name: |
Zahlenüberlauf in v8 |
|
ID: |
FEDORA-2015-6908 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Fr, 8. Mai 2015, 11:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152 |
|
Applikationen: |
V8 |
|
Originalnachricht |
Name : v8 Product : Fedora 20 Version : 3.14.5.10 Release : 18.fc20 URL : http://code.google.com/p/v8 Summary : JavaScript Engine Description : V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.
------------------------------------------------------------------------------- - Update Information:
Fix for ARM-only CVE-2014-3152 ------------------------------------------------------------------------------- - ChangeLog:
* Thu Apr 23 2015 Tom Callaway <spot@fedoraproject.org> - 1:3.14.5.10-18 - backport security fix for ARM - CVE-2014-3152 * Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-17 - backports for nodejs 0.10.36 * Mon Jan 26 2015 David Tardon <dtardon@redhat.com> - 1:3.14.5.10-16 - rebuild for ICU 54.1 * Tue Dec 2 2014 Tom Callaway <spot@fedoraproject.org> - 1:3.14.5.10-15 - use system valgrind header (bz1141483) * Wed Sep 17 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-14 - backport bugfix that eliminates unused-local-typedefs warning - backport security fix: Fix Hydrogen bounds check elimination (CVE-2013-6668; RHBZ#1086120) - backport fix to segfault caused by the above patch * Tue Aug 26 2014 David Tardon <dtardon@redhat.com> - 1:3.14.5.10-13 - rebuild for ICU 53.1 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.14.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 31 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-11 - backport security fix for memory corruption and stack overflow (RHBZ#1125464) https://groups.google.com/d/msg/nodejs/-siJEObdp10/2xcqqmTHiEMJ - backport bug fix for x64 MathMinMax for negative untagged int32 arguments. https://github.com/joyent/node/commit/3530fa9cd09f8db8101c4649cab03bcdf760c434 * Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-10 - fix corner case in integer comparisons (v8 bug#2416; nodejs bug#7528) * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:3.14.5.10-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-8 - use clock_gettime() instead of gettimeofday(), which increases V8 performance dramatically on virtual machines * Tue Mar 18 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-7 - backport fix for unsigned integer arithmetic (RHBZ#1077136; CVE-2014-1704) * Mon Feb 24 2014 Tomas Hrcka <thrcka@redhat.com> - 1:3.14.5.10-6 - Backport fix for incorrect handling of popular pages (RHBZ#1059070; CVE-2013-6640) * Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-5 - rebuild for icu-52 * Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-4 - backport fix for enumeration for objects with lots of properties * Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-3 - backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1101056 - CVE-2014-3152 v8: integer underflow fixed in Google Chrome 35.0.1916.114 https://bugzilla.redhat.com/show_bug.cgi?id=1101056 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update v8' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|