[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3810-1] chromium-browser security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3810-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
March 15, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
                 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
                 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
                 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044
                 CVE-2017-5045 CVE-2017-5046

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5029

    Holger Fuhrmannek discovered an integer overflow issue in the libxslt
    library.

CVE-2017-5030

    Brendon Tiszka discovered a memory corruption issue in the v8 javascript
    library.

CVE-2017-5031

    Looben Yang discovered a use-after-free issue in the ANGLE library.

CVE-2017-5032

    Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.

CVE-2017-5033

    Nicolai Grødum discovered a way to bypass the Content Security Policy.

CVE-2017-5034

    Ke Liu discovered an integer overflow issue in the pdfium library.

CVE-2017-5035

    Enzo Aguado discovered an issue with the omnibox.

CVE-2017-5036

    A use-after-free issue was discovered in the pdfium library.

CVE-2017-5037

    Yongke Wang discovered multiple out-of-bounds write issues.

CVE-2017-5038

    A use-after-free issue was discovered in the guest view.

CVE-2017-5039

    jinmo123 discovered a use-after-free issue in the pdfium library.

CVE-2017-5040

    Choongwoo Han discovered an information disclosure issue in the v8
    javascript library.

CVE-2017-5041

    Jordi Chancel discovered an address spoofing issue.

CVE-2017-5042

    Mike Ruddy discovered incorrect handling of cookies.

CVE-2017-5043

    Another use-after-free issue was discovered in the guest view.

CVE-2017-5044

    Kushal Arvind Shah discovered a heap overflow issue in the skia
    library.

CVE-2017-5045

    Dhaval Kapil discovered an information disclosure issue.

CVE-2017-5046

    Masato Kinugawa discovered an information disclosure issue.

For the stable distribution (jessie), these problems have been fixed in
version 57.0.2987.98-1~deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions, these
problems have been fixed in version 57.0.2987.98-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAljJMRkACgkQuNayzQLW
9HM36B/+NXUUQ3TCDWQt+FYXtqla6j+BnUTBAsKTbmZwbz5/gAxRymzm835ilVyw
r0sn4JOffZdKEmkdkHSSXwk8UQqPL2vfnQq8PQKbWvZlkmoMmxDdMNWoggRx/c6c
LTUAjE/tpy1P3VBd4YdFa7fpb/M5LSpHxs36O25ZvuN6woi8zbKYLJBD+jQ5U4F+
pVO6Lgdou/26TJGq/lZ0Lfypj1esndfwxoIKCJBS845o1bdZusRynUbSyI1fV/YL
Y9mkwEO1LsoGBFqlroOMlzcfRY8/pG0tRN++mebSEsh6TOFQpq+1qq1/DkyhCFKS
o6deeZjYYy5CGdbx6gxPp7J8HQry4JvjV5Rj1g8vfVdJwb6i33dTZEKDghPm48pu
gr2BfF2EXlGwhe+JaXmZkoEVOpX4dPnOcVgrpD0FXDJoVyqrVCo410L0MZug90Xr
eTCOPVrnCHRhCfRoYyRlZASuH+HtgrD8Qy+NGUx/ZxK5Zg2Ck1+XDJLMLdwn3Y7N
5s+beUU4n0rR6O7tX8JDwx0qieloCqg2ZOACOCjy312gDt4R7kxcr+P4RxQ9tXgc
o8AN1NIWNxQPovLYMD2JGD0iWt1hUmNHtbscl8MllugKv+nfgFpTNpviAqEFOpw/
9W/o10h+lIO/yr4Den75h3QU+vPR/7V4zOlyr6PtDbIo8EwWKvy4BCGMNKtREaB2
42vGXuBqzup91wIR9YU8ZWNhdtL1tWLJQZFDnMY3RurpFmH37m4G0Ni8+vvzXwWK
mEtjC9wLfTWZQ+mWXHjBGXlkRivpnppOCYhfNvGOQ9HtPKX6YBZrM+k5afzKS+z4
uZKMxN5EcA+/6s8d3h5oyzg9auvu4Zf/ifBNSzc8XF7sE6MgxU5KtMpwsBvsUwcR
VGIVBzJFZAADbBQxF24+lSxA/fMkfrZC61CEZEHdMBWN/k5UUH1tjUviE5pRusuc
3SRQ2/PSCOZ2uTbJsv4J4KooOlgMl2wJCL7nyww7OaHSB7WXqxg+QWh+dMI3oQt9
k3SJcbc9y94FNPUPWzY2CZo1/Nr/7jJLOnXYtZvb000lEF+cYgpX35u+gfIf9a+R
bgSPbkY1B6vRmlTJ0zt/eC0ENV23D0wrG/JT4AysW1P1zQF+AH8pUiFsKfGcF1zF
RFPsMzkfI6K+hFZdfV02eznaL89jQqPmk09ZN558NoTu43ct1QLJMSzVqK1K4ORQ
39C54f6x5j1zy+fl3IvUsbGY6PKfMwDPo+W2X5ze7wI9wHcgSKEmkCMEw0DGvsKy
8SjOyJKN0YDTvyFN6hFcIJO+HHnfvWOy2et3FxZyQWudYvYjnGnFcDDz1yzxuda+
SkaB2j+BgAQPYBXZoylBjGc+izT9qA==
=8dUe
-----END PGP SIGNATURE-----


Reply to: