CVE-2015-1227

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

CVE-2015-1230

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers “type confusion.”

CVE-2015-1232

Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.

CVE-2015-2238

Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-2239

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the “1993 search” features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231.

Fedora EPEL 6 Security Update: libmspack-0.5-0.1.alpha.el6

Resolved Bugs
1196154 – libmspack: various flaws [fedora-all]
1196153 – libmspack: off-by-one(?) buffer under-read in mspack/lzxd.c
1196157 – libmspack: off-by-one buffer over-read in mspack/mszipd.c
1180177 – libmspack: pointer arithmetic overflow during CHM decompression
1180180 – libmspack: pointer arithmetic overflow during CHM decompression [fedora-all]
1180175 – libmspack: denial of service while processing crafted CHM file (floating point exception)
1180178 – libmspack: denial of service while processing crafted CHM file (floating point exception) [fedora-all]
1178867 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress()
1179822 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress() [fedora-all]

Updated to bugfix release 0.5alpha.