Rapid7 Vulnerability & Exploit Database

RHSA-2014:1744: v8314-v8 security update

Back to Search

RHSA-2014:1744: v8314-v8 security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
03/16/2014
Created
07/25/2018
Added
11/27/2014
Modified
07/04/2017

Description

Updated v8314-v8 packages that fix multiple security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. (CVE-2014-5256) Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8. (CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704) All v8314-v8 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using V8 must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-v8314-v8
  • redhat-upgrade-v8314-v8-debuginfo
  • redhat-upgrade-v8314-v8-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;