1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3531-1] chromum-browser security update

    From Michael Gilbert@1:229/2 to All on Sat Mar 26 04:40:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3531-1 [email protected] https://www.debian.org/security/ Michael Gilbert
    March 25, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromum-browser
    CVE ID : CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649
    CVE-2016-1650

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2016-1646

    Wen Xu discovered an out-of-bounds read issue in the v8 library.

    CVE-2016-1647

    A use-after-free issue was discovered.

    CVE-2016-1648

    A use-after-free issue was discovered in the handling of extensions.

    CVE-2016-1649

    lokihardt discovered a buffer overflow issue in the Almost Native
    Graphics Layer Engine (ANGLE) library.

    CVE-2016-1650

    The chrome development team found and fixed various issues during
    internal auditing. Also multiple issues were fixed in the v8
    javascript library, version 4.9.385.33.

    For the stable distribution (jessie), these problems have been fixed in
    version 49.0.2623.108-1~deb8u1.

    For the testing distribution (stretch), these problems will be fixed soon.

    For the unstable distribution (sid), these problems have been fixed in
    version 49.0.2623.108-1.

    We recommend that you upgrade your chromum-browser packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQQcBAEBCgAGBQJW9gD0AAoJELjWss0C1vRzlScgAKYDK4DCzy99kl4PTLdWUn1x vyOXZAtRZRPHWIyA7OaD0XtCkA+vHbjnUBy7W8JuwdxcfoDPKq7H0lqtO8QSsIPN O5vqIoWyEGo4mP2/9AB5xZNXFGZuAp3Lrqq+BpIdbYGsR0IBOXHj0yEgqzWFzW0n QMuOA0nM0MnXCdXNhnxR1XZxv2svVVYthR4paFlw1JriAEKdmR8F1Jfl+4ke1yeT O7nt7WZlHpdrpicg13+BqkIK1qCipbmdA9wr6qP5UiHYkKxRdKHkhxEYwx1i5wLX 7op2KD5R4d8W0g6VS4Asc+B2acZCPTi8djZvXXIKxbXk+4o5bl1DfqlTWnZANniq A62k1yc/5olq1cPH5LZHPk4casMVNNCXKxjsRU+vsNIlHVIS9+dJ4c7fm+xsgc+s 9Z4L4WhBz5pjF5Eq2Qurbn9J60I9JPTUgL99fN0eCeqeS4xnRnkVmbGlJWWJUd3y VpkBvsa+PYgoAcKKZ+axasfcROJ1VIlfUgcDbFJ+AeQ06UL0oVyPc8Fngh+4wDDj eiEJRh+c0om+Gb71fcwEM/yyE3Fs7+xl47sst1JMKacjLx/yqRNWVa7nOYGNKj1T 1vf4rAtTNaaTkDwG5kxNVJy//iCG2dvQGz8kIifzQ93XvU4YRukve6Wxva8K9xDB UYj4VfqiLAjMmqLBsbBctm5geokpIyWRQrvkMYB5Of0WEnSLfLjklIsp3/AY9Jan so8wTjVVhFokwAJJnkqoLE/yAfJKZHKio9Fl8H4YKi3uwf628pdgLukRjwgCNXRL RDe+r+i65n8TVcEw0ODO1q3eEtJsAo4cCnqZQxZ4/QvG0mzAGbBDsmAWbDB43RuJ 8Tzxy22LTGdYwtM8nrJOVjSK5yaf9f02cmb/fhVLfqtZTu27nEJRO7dmygWtLDeR Dj7CkLJ07FgaV0W9FIGmXxydo261I1W6hMSKwWiQ4AS5J/IODL0mrXHGHRjcWuiG wTXp4VytlaV3kngh1WaTh+V8PiEDA4gl/ciRNe1voYGYv/7/5PV6yqwffkCC5sVH xlyOBhetI9zjHDoT0VR5pZlV05FR3d/f7xAbkFXM744hsUKRLDaMlyvTLMSDo/7s qDtYWH0cFrO7PEUVPrvP+o8jHgrGLVjip3/P0aqDegsU3Eq9D6qtEQ34GK9mn5SJ MyVgysUF418MshnG/tLT6xvF/JLlUK0a7PpGijgrGcuGrzweTzPmvJsEV2xeac9c pjhTZITOcglew+YzAo+1ctFwQV8VeZc/2ha+ZdRTA7hU07zz50NPtTuM2KoOlMxk DfgGmvFjt2OaO6yX6t/oOrSG7E+/GO+y6Vp1FyQTe1G2zvAR2Rz71dlRJOJkW58=
    =NEwx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)