libv8-5-5.3.171-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10433 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libv8-5-5.3.171-4.1 on GA media These are all security issues fixed in the libv8-5-5.3.171-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10433 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10433 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-5037/ SUSE CVE CVE-2011-5037 page https://www.suse.com/security/cve/CVE-2013-6638/ SUSE CVE CVE-2013-6638 page https://www.suse.com/security/cve/CVE-2013-6639/ SUSE CVE CVE-2013-6639 page https://www.suse.com/security/cve/CVE-2013-6640/ SUSE CVE CVE-2013-6640 page https://www.suse.com/security/cve/CVE-2014-1705/ SUSE CVE CVE-2014-1705 page https://www.suse.com/security/cve/CVE-2014-1730/ SUSE CVE CVE-2014-1730 page https://www.suse.com/security/cve/CVE-2014-1735/ SUSE CVE CVE-2014-1735 page openSUSE Tumbleweed libv8-5-5.3.171-4.1 v8-5.3.171-4.1 v8-devel-5.3.171-4.1 v8-private-headers-devel-5.3.171-4.1 libv8-5-5.3.171-4.1 as a component of openSUSE Tumbleweed v8-5.3.171-4.1 as a component of openSUSE Tumbleweed v8-devel-5.3.171-4.1 as a component of openSUSE Tumbleweed v8-private-headers-devel-5.3.171-4.1 as a component of openSUSE Tumbleweed Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. CVE-2011-5037 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-5037.html CVE-2011-5037 https://bugzilla.suse.com/739126 SUSE Bug 739126 https://bugzilla.suse.com/797599 SUSE Bug 797599 Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions. CVE-2013-6638 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6638.html CVE-2013-6638 https://bugzilla.suse.com/854473 SUSE Bug 854473 The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. CVE-2013-6639 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6639.html CVE-2013-6639 https://bugzilla.suse.com/854473 SUSE Bug 854473 The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. CVE-2013-6640 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6640.html CVE-2013-6640 https://bugzilla.suse.com/854473 SUSE Bug 854473 Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2014-1705 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1705.html CVE-2014-1705 https://bugzilla.suse.com/866959 SUSE Bug 866959 https://bugzilla.suse.com/868707 SUSE Bug 868707 Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. CVE-2014-1730 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1730.html CVE-2014-1730 https://bugzilla.suse.com/875408 SUSE Bug 875408 Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2014-1735 openSUSE Tumbleweed:libv8-5-5.3.171-4.1 openSUSE Tumbleweed:v8-5.3.171-4.1 openSUSE Tumbleweed:v8-devel-5.3.171-4.1 openSUSE Tumbleweed:v8-private-headers-devel-5.3.171-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1735.html CVE-2014-1735 https://bugzilla.suse.com/875408 SUSE Bug 875408