From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3549-1 [email protected] https://www.debian.org/security/ Michael Gilbert
April 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654
CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1651

An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1652

A cross-site scripting issue was discovered in extension bindings.

CVE-2016-1653

Choongwoo Han discovered an out-of-bounds write issue in the v8
javascript library.

CVE-2016-1654

Atte Kettunen discovered an uninitialized memory read condition.

CVE-2016-1655

Rob Wu discovered a use-after-free issue related to extensions.

CVE-2016-1657

Luan Herrera discovered a way to spoof URLs.

CVE-2016-1658

Antonio Sanso discovered an information leak related to extensions.

CVE-2016-1659

The chrome development team found and fixed various issues during
internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 50.0.2661.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 50.0.2661.75-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJXENcNAAoJELjWss0C1vRzNhMf/17hUv6L+/4SZdYkrnHA/3JB i/RwOnIbPfbWm416gIXM6vbLfIGe4/eznczr6B1ZvGfzTGaC5OnSLtwmdhqgxv+8 cbh0yPXgmg7a1UyIfpyj1kfCcNx3qz5QzNxKhcdX7iu9pcE3fQocL6cV5pV35gw1 0dwM+jVuld33OxhPx2JeQO6nOOoIHspu/gIxPTdxXvJfOeTIp52kUUEH+gPi3eZp S9Uf0hHXfYY7HGYV12mPm66ioCTl0L1QxpOEZkxKr/pUy8MD3jkPWUtRqTx1NcGo IMvWMdosn2vKkIKdGDMrN+mo/hqc67htPDHw/pcWzomJT5KnO8I79p1PvqVklO/i BZdS5GPZgCjcQPTSWIOX0xkk5SnHlY+BiE8ZBaIydVC0K5sum+4JLBxZnXzkNO96 m15tQ4rS1wY9WPYV2/g8kHS3juwvBX1COj+BDqzQs/VKXQllv0Hj0rdQvq70O9uY eXLu4Eh+k3R9vQ9WfX7dniumvCVtZcqaplkROse5MQ3j/ord1YmTMmsuPvZ3Vg9B ODUinvCGBD7Hk/zKI2+YIzzHrZOAsMJyE0x696jNCzCJq6Pjg7MND4NH+PX9RIZ9 22NpX/GfplOnp6Kvi+ciijPnLjdo9d04AIoQEsE80efXANk68G9EtpQ6pwF3TDYd OfaXGymljLio3ca73O0yGOdNzufQYJGd0/DHpHr4ED+RHt1IUtXQkE/N5DufmOxw j3wKdDk41VJJ1klfix0KAniTFjbUW43kuqahuXnB1EEULgL2gj14YgxKTEjBf9JY 7zW6HmKZ+TfR9uu5XS9CRe/igkaBIFa9CljZ4JKL881NKN4rewXZjG4R715J8Ql4 AY0wfhwTBiiLqQy9P6p8SzItxm3gdgktyCYl0VkLpwaVnCeegV6zdHqb4k1ublks q6aELszWe+W4OjPxeEW5lVUkFU55vxzUZ9OYe+oem8Bt6bBZpu3Q2SmsZmGnNKvQ /58GXw76U2/fI12uh4MVREDxkdhI7oxELARYgWFFJ2RA70Z/Ju5j6w1j9Qpfap0q 64+a1Hk10P99yClJAJnjDqAx2ZHskYjKeqKFB7BGk6QkR7C2XSSDlIq73fytDIBp Ih/9y1sEa8B5vtQK0PYeg22qLMKI7++r1ARKj9i6JhrIE3VqLWiA4DU4k8dE4EOr ei/f5R7sJCQzs2qn3eOKTHaQizk+B9CCxmHxMbCNkydahnlJRPHPlh0dlBvS9Er7 3lmFfyxg8OdD7RPjcrcotvnzif2LqGhSd0Jit88zkGFEDA37VUbmRitorOgVYY2o bNtCorDaCPjHHUy3PsAhGqla3pnmrJ+OAIyKdddXTqovrZZdUthGi/DghbU81dg=
=n5pX
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.security
From: [email protected]

Doesn't apply to our systems.

Matthew Baxa
Cloud Engineer - Zillow
P 402-417-0421
M 785-213-3252


-----Original Message-----
From: Michael Gilbert [mailto:[email protected]]
Sent: Friday, April 15, 2016 6:59 AM
To: [email protected]
Subject: [SECURITY] [DSA 3549-1] chromium-browser security update
Importance: High

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3549-1 [email protected] https://www.debian.org/security/ Michael Gilbert
April 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2016-1651 CVE-2016-1652 CVE-2016-1653 CVE-2016-1654
CVE-2016-1655 CVE-2016-1657 CVE-2016-1658 CVE-2016-1659

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1651

An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1652

A cross-site scripting issue was discovered in extension bindings.

CVE-2016-1653

Choongwoo Han discovered an out-of-bounds write issue in the v8
javascript library.

CVE-2016-1654

Atte Kettunen discovered an uninitialized memory read condition.

CVE-2016-1655

Rob Wu discovered a use-after-free issue related to extensions.

CVE-2016-1657

Luan Herrera discovered a way to spoof URLs.

CVE-2016-1658

Antonio Sanso discovered an information leak related to extensions.

CVE-2016-1659

The chrome development team found and fixed various issues during
internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 50.0.2661.75-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 50.0.2661.75-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJXENcNAAoJELjWss0C1vRzNhMf/17hUv6L+/4SZdYkrnHA/3JB i/RwOnIbPfbWm416gIXM6vbLfIGe4/eznczr6B1ZvGfzTGaC5OnSLtwmdhqgxv+8 cbh0yPXgmg7a1UyIfpyj1kfCcNx3qz5QzNxKhcdX7iu9pcE3fQocL6cV5pV35gw1 0dwM+jVuld33OxhPx2JeQO6nOOoIHspu/gIxPTdxXvJfOeTIp52kUUEH+gPi3eZp S9Uf0hHXfYY7HGYV12mPm66ioCTl0L1QxpOEZkxKr/pUy8MD3jkPWUtRqTx1NcGo

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)