drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in v8
Name: |
Denial of Service in v8 |
|
ID: |
FEDORA-2013-14205 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 18 |
|
Datum: |
Do, 15. August 2013, 08:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2882 |
|
Applikationen: |
V8 |
|
Originalnachricht |
Name : v8 Product : Fedora 18 Version : 3.14.5.10 Release : 2.fc18 URL : http://code.google.com/p/v8 Summary : JavaScript Engine Description : V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.
------------------------------------------------------------------------------- - Update Information:
This update fixes an issue with Google V8, as used in Google Chrome before 28.0.1500.95, which allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that leverage "type confusion."
Please note that this issue's impact on Node.js is somewhat lessened since it
does not typically execute JavaScript from foreign sources. ------------------------------------------------------------------------------- - ChangeLog:
* Fri Aug 2 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-2 - backport fix for remote DoS or unspecified other impact via type confusion (RHBZ#991116; CVE-2013-2882) * Wed May 29 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.10-1 - new upstream release 3.14.5.10 * Mon May 6 2013 Stanislav Ochotnicky <sochotnicky@redhat.com> - 1:3.14.5.8-2 - Fix ownership of include directory (#958729) * Fri Mar 22 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.14.5.8-1 - new upstream release 3.14.5.8 - backport security fix for remote DoS via crafted javascript (RHBZ#924495; CVE-2013-2632) * Mon Mar 11 2013 Stephen Gallagher <sgallagh@redhat.com> - 1:3.14.5.7-3 - Update to v8 3.14.5.7 for Node.js 0.10.0 * Sat Jan 26 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 1:3.13.7.5-2 - rebuild for icu-50 - ignore new GCC 4.8 warning * Tue Dec 4 2012 Tom Callaway <spot@fedoraproject.org> - 1:3.13.7.5-1 - update to 3.13.7.5 (needed for chromium 23) - Resolves multiple security issues (CVE-2012-5120, CVE-2012-5128) - d8 is now using a static libv8, resolves bz 881973) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #991116 - CVE-2013-2882 v8: remote DoS or unspecified other impact via type confusion https://bugzilla.redhat.com/show_bug.cgi?id=991116 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update v8' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|