[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3985-1] chromium-browser security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3985-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 28, 2017                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114
                 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118
                 CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5111

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-5112

    Tobias Klein discovered a buffer overflow issue in the webgl
    library.

CVE-2017-5113

    A buffer overflow issue was discovered in the skia library.

CVE-2017-5114

    Ke Liu discovered a memory issue in the pdfium library.

CVE-2017-5115

    Marco Giovannini discovered a type confusion issue in the v8
    javascript library.

CVE-2017-5116

    Guang Gong discovered a type confusion issue in the v8 javascript
    library.

CVE-2017-5117

    Tobias Klein discovered an uninitialized value in the skia library.

CVE-2017-5118

    WenXu Wu discovered a way to bypass the Content Security Policy.

CVE-2017-5119

    Another uninitialized value was discovered in the skia library.

CVE-2017-5120

    Xiaoyin Liu discovered a way downgrade HTTPS connections during
    redirection.

CVE-2017-5121

    Jordan Rabet discovered an out-of-bounds memory access in the v8
    javascript library.

CVE-2017-5122

    Choongwoo Han discovered an out-of-bounds memory access in the v8
    javascript library.

For the stable distribution (stretch), these problems have been fixed in
version 61.0.3163.100-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 61.0.3163.100-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlnM7E0ACgkQuNayzQLW
9HPaQB/7BLQfY2DRCMoj0/WVxKCuR3DCjZasEeh6RRzPWUYMsvECBoQ+oeSdN6uW
aZX4XYGY1OkE4cmKYoQCOp7wMQ7KD6hIWLvNTR9gC9KMmpxekiqrWTmhDzSCR6on
/pYlguy0vCjtWfsGBMz9Tjba72lOGpMvW6Bbo9EvywN+pNeLNoKwkHFucCTwlSNH
X/fLOZTxdFFHlSPq7fxFgvQQq/y1PcaPxWiJvw62ds+AFV6O03OdR4/vJBI4d8OY
cwJRbZi0T91ary50MNuGZgLtA5PaCXBfBfXsx0MXTvMcpmNw6auKjUr2AEwKcB0L
fs4iFErXjxciz2Lf3VoepJhPjeRL35R/rkxKXV+71uXZRlpMYqXd8mZdnZZ+cSEZ
DoqJKSmr/PrwI6KSwiP1Gn2oWoxkjEV2T3lIAW/IdwX26rh0ruNjskPhZQbLmhlR
9OAW7UsMxnTzOxVV2BNghi7aQlyeq2pVFkakMQ2fMt0e+6YmdEH7I0CzOGXncCSK
c5VocSHvZfwaCw0FeqYLocHz4s1o9SR8qhcI6HiCV1PCRfAe5It5P90PTcTNJMP3
5D+efQ/cxU7u7IXep8mE8fDin8v1kYRcMCgxB7VKHQaPY8uJlCqH89RKf9NgggNe
8rAAlPUhkDq1gLzG1oWDFcFRtFuxRwIK+htQixcxNQuIDguxWFwL0lEUvdFe8wBp
B/896t2MM6kCkwmf4xXGDFk5DrPVMtUh6283CypZSjhcMs02l+SUBY2e/67xeKYE
KDcj+7D7yBsv7mddDisYx8jF34wiSBP8kE8MJuC39IdrLLTEgsbWDMs0e3E2oi24
1kZqgCKZqaZHm2Wc/+V8q/bubeaFGuQHsl4JOjnkuefg7wTrniDs73x/jduo3RRW
24FMVCdw18JJNNoSifT7Vj36oqr9Ei7yWjKPCyu0880R3Rf2P0Cu+JkCnpf0/yci
jur+d3Cs6ij1mAXVuIY0BoJtOlaljs/epFGyVfcPN255QXX1FDEG++2u4ovfxxmP
6bGCfczqnUtjxgVdHAJvbvLDBSgSLr3AWCTAN4P9fI99zUWgFHSi4cz/+JtlmRMn
6S0w4r0YJsK0tCKL6hzt2PhnDrDt8sJyDOczxA5a15zq9GgQdpFQW7bHv8EEj2Wk
tV3F4uHAqLKEgW4aEBaiIXvSDJlxy/FXeeVZXfl/V+by3BrNnmmy4CHJZcYZqh4g
NpEgXY6e67+S9zbQ/YqK4TL0lh6YWRt8KRxGRVDdev+k/IGQTmB7GgpyMyphVC57
AmN+vOD0uhV0UsLSzHl0vECoC9y5ko+JmZKW6JaDDsI1ql/MxOU9Q6rrMfbduRNp
ZHMd4PsWBQUvvLR6Wd3m/GWQc5EkZg==
=+/ji
-----END PGP SIGNATURE-----


Reply to: