1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3776-1] chromium-browser security update

    From Michael Gilbert@1:229/2 to All on Tue Jan 31 03:10:01 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3776-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 31, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
    CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
    CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
    CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
    CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
    CVE-2017-5026

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2017-5006

    Mariusz Mlynski discovered a cross-site scripting issue.

    CVE-2017-5007

    Mariusz Mlynski discovered another cross-site scripting issue.

    CVE-2017-5008

    Mariusz Mlynski discovered a third cross-site scripting issue.

    CVE-2017-5009

    Sean Stanek and Chip Bradford discovered an out-of-bounds memory
    issue in the webrtc library.

    CVE-2017-5010

    Mariusz Mlynski discovered a fourth cross-site scripting issue.

    CVE-2017-5011

    Khalil Zhani discovered a way to access unauthorized files in the
    developer tools.

    CVE-2017-5012

    Gergely Nagy discovered a heap overflow issue in the v8 javascript
    library.

    CVE-2017-5013

    Haosheng Wang discovered a URL spoofing issue.

    CVE-2017-5014

    sweetchip discovered a heap overflow issue in the skia library.

    CVE-2017-5015

    Armin Razmdjou discovered a URL spoofing issue.

    CVE-2017-5016

    Haosheng Wang discovered another URL spoofing issue.

    CVE-2017-5017

    danberm discovered an uninitialized memory issue in support for
    webm video files.

    CVE-2017-5018

    Rob Wu discovered a cross-site scripting issue.

    CVE-2017-5019

    Wadih Matar discovered a use-after-free issue.

    CVE-2017-5020

    Rob Wu discovered another cross-site scripting issue.

    CVE-2017-5021

    Rob Wu discovered a use-after-free issue in extensions.

    CVE-2017-5022

    PKAV Team discovered a way to bypass the Content Security Policy.

    CVE-2017-5023

    UK's National Cyber Security Centre (NCSC) discovered a type
    confusion issue.

    CVE-2017-5024

    Paul Mehta discovered a heap overflow issue in the ffmpeg library.

    CVE-2017-5025

    Paul Mehta discovered another heap overflow issue in the ffmpeg
    library.

    CVE-2017-5026

    Ronni Skansing discovered a user interface spoofing issue.

    For the stable distribution (jessie), these problems have been fixed in
    version 56.0.2924.76-1~deb8u1.

    For the testing (stretch) and unstable (sid) distributions, these
    problems will be fixed soon.

    We recommend that you upgrade your chromium-browser packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliP5ZYACgkQuNayzQLW 9HNRjx//TPRlrRu8fqGDFL7QeNtGCJtqj37+4fNAawWfsf5WBUb3ztOrZRXMJYgY Kvo9R216RFXrAGI/XIVBZtVtDDeiJUjy2GKq95voWkHlFbfMAexoyydj+adthd5Z 2AIynQ3gSFCcqNMANkTA0oA8iaVFIu04bfMDSByDFunaXyi/xZgopHhZbAvWbwdV paRxUWBNMt9q8XZ1LKnqC2mszCs/V/A9AN8fIBHyct2aXFwZcH2YX6SKLRqiNA0+ 2yRtg1H/M1zNqa/rWhqZsGJD00RLBSNdABaLPbaDPhb+xO4ydU1O8p4XZo3g+9lR EaOgN716KUmY0uwX5TLWJ6KDActis193kAsyE3hQMu+MwwJV7dPtpgFVJ/ZLiqaG MA03zjxjfUDMVds4IDV4zYaHkzTEdYvelIktFakioocc1wXAwuVhlajQDn8mVkKh v3Vdk9aUnAAdrS8YsNKAYO3XYED3GXY0PxHwQCww1EZBR31MCeVi8nn8Mq9jx95U 1Yl16WhMTVmwfOwj4Qpa9Ttcv0JR56/DT8CQEhdLf9hNr0rzitbj2ZQXq0OJQher TGgrxerGTBlBsHGIaUkbkJCv+lXRrHhxlX8ADsaYicBJNCLAjOJDc6qFpbksl9R5 +zMxr0C9ldMszeVbTofQgTksB9nt8xILOEMpavkzlLmTBUgksOI5OU+KhB2X/WEQ kHoBPMqzaa6ZHjnD+rypql2hLAqPlrX14KbFO4dkShNEx3Gpv3ZUTV4cHBq+97GL XHC7YFc8/9Y+VdJQpMGxHEY2+4EwSXvbtRfKF5vK4smgmDSbEU+P8ysZBGQg3tE6 860aCISq0nf7HShhURMfeUSzOEMBErfJnIkvHDBt4WIiaLHo1y39lzzLW0YtAU9n txn0Tmp4hP0xH0Z96QslngJeTlCRlsspRLU8szQmC0yJws/kUvhYsqxSdh415XyH y1v1mbQhGg97yvL4gexKEnFzYwtaebQthi0glBRHiBwDg0BafXD1n8AYGJdtSQFw okpcWqFnV7+K3fRqfdOwmrIaABVDKGOt6cAqILqUdVZoavod48T4SqecE1apBtLs 813mj1G1r97gCcUF8VgYoRywZExNKp5fuUGZAVU8PyqlSoCr/nLO9bRFdmsmePJz YR3IydCvqgVSzFKaml3EwmZAhFemLGzjORKdxPoIclplxgANIFCmHg0ZAhfpF16m jCwcw3hu5D0Pu4JJxkLLI79qu1rVGoCBhR8h94Iyf8AvvUU52GIYUgRkwMc0yFqY KgNpFexlEUc7kXZAgX63UUgsPVSqFwVuV/maxEXb3TT1InOqoAiF/g++ksxdi+Lp M361Xy7RzeIIEq90nOps7qi9XpXfeA==
    =KVhv
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)