1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3810-1] chromium-browser security update

    From Michael Gilbert@1:229/2 to All on Wed Mar 15 13:30:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3810-1 [email protected] https://www.debian.org/security/ Michael Gilbert
    March 15, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
    CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
    CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
    CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044
    CVE-2017-5045 CVE-2017-5046

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2017-5029

    Holger Fuhrmannek discovered an integer overflow issue in the libxslt
    library.

    CVE-2017-5030

    Brendon Tiszka discovered a memory corruption issue in the v8 javascript
    library.

    CVE-2017-5031

    Looben Yang discovered a use-after-free issue in the ANGLE library.

    CVE-2017-5032

    Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.

    CVE-2017-5033

    Nicolai Grødum discovered a way to bypass the Content Security Policy.

    CVE-2017-5034

    Ke Liu discovered an integer overflow issue in the pdfium library.

    CVE-2017-5035

    Enzo Aguado discovered an issue with the omnibox.

    CVE-2017-5036

    A use-after-free issue was discovered in the pdfium library.

    CVE-2017-5037

    Yongke Wang discovered multiple out-of-bounds write issues.

    CVE-2017-5038

    A use-after-free issue was discovered in the guest view.

    CVE-2017-5039

    jinmo123 discovered a use-after-free issue in the pdfium library.

    CVE-2017-5040

    Choongwoo Han discovered an information disclosure issue in the v8
    javascript library.

    CVE-2017-5041

    Jordi Chancel discovered an address spoofing issue.

    CVE-2017-5042

    Mike Ruddy discovered incorrect handling of cookies.

    CVE-2017-5043

    Another use-after-free issue was discovered in the guest view.

    CVE-2017-5044

    Kushal Arvind Shah discovered a heap overflow issue in the skia
    library.

    CVE-2017-5045

    Dhaval Kapil discovered an information disclosure issue.

    CVE-2017-5046

    Masato Kinugawa discovered an information disclosure issue.

    For the stable distribution (jessie), these problems have been fixed in
    version 57.0.2987.98-1~deb8u1.

    For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 57.0.2987.98-1.

    We recommend that you upgrade your chromium-browser packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAljJMRkACgkQuNayzQLW 9HM36B/+NXUUQ3TCDWQt+FYXtqla6j+BnUTBAsKTbmZwbz5/gAxRymzm835ilVyw r0sn4JOffZdKEmkdkHSSXwk8UQqPL2vfnQq8PQKbWvZlkmoMmxDdMNWoggRx/c6c LTUAjE/tpy1P3VBd4YdFa7fpb/M5LSpHxs36O25ZvuN6woi8zbKYLJBD+jQ5U4F+ pVO6Lgdou/26TJGq/lZ0Lfypj1esndfwxoIKCJBS845o1bdZusRynUbSyI1fV/YL Y9mkwEO1LsoGBFqlroOMlzcfRY8/pG0tRN++mebSEsh6TOFQpq+1qq1/DkyhCFKS o6deeZjYYy5CGdbx6gxPp7J8HQry4JvjV5Rj1g8vfVdJwb6i33dTZEKDghPm48pu gr2BfF2EXlGwhe+JaXmZkoEVOpX4dPnOcVgrpD0FXDJoVyqrVCo410L0MZug90Xr eTCOPVrnCHRhCfRoYyRlZASuH+HtgrD8Qy+NGUx/ZxK5Zg2Ck1+XDJLMLdwn3Y7N 5s+beUU4n0rR6O7tX8JDwx0qieloCqg2ZOACOCjy312gDt4R7kxcr+P4RxQ9tXgc o8AN1NIWNxQPovLYMD2JGD0iWt1hUmNHtbscl8MllugKv+nfgFpTNpviAqEFOpw/ 9W/o10h+lIO/yr4Den75h3QU+vPR/7V4zOlyr6PtDbIo8EwWKvy4BCGMNKtREaB2 42vGXuBqzup91wIR9YU8ZWNhdtL1tWLJQZFDnMY3RurpFmH37m4G0Ni8+vvzXwWK mEtjC9wLfTWZQ+mWXHjBGXlkRivpnppOCYhfNvGOQ9HtPKX6YBZrM+k5afzKS+z4 uZKMxN5EcA+/6s8d3h5oyzg9auvu4Zf/ifBNSzc8XF7sE6MgxU5KtMpwsBvsUwcR VGIVBzJFZAADbBQxF24+lSxA/fMkfrZC61CEZEHdMBWN/k5UUH1tjUviE5pRusuc 3SRQ2/PSCOZ2uTbJsv4J4KooOlgMl2wJCL7nyww7OaHSB7WXqxg+QWh+dMI3oQt9 k3SJcbc9y94FNPUPWzY2CZo1/Nr/7jJLOnXYtZvb000lEF+cYgpX35u+gfIf9a+R bgSPbkY1B6vRmlTJ0zt/eC0ENV23D0wrG/JT4AysW1P1zQF+AH8pUiFsKfGcF1zF RFPsMzkfI6K+hFZdfV02eznaL89jQqPmk09ZN558NoTu43ct1QLJMSzVqK1K4ORQ 39C54f6x5j1zy+fl3IvUsbGY6PKfMwDPo+W2X5ze7wI9wHcgSKEmkCMEw0DGvsKy 8SjOyJKN0YDTvyFN6hFcIJO+HHnfvWOy2et3FxZyQWudYvYjnGnFcDDz1yzxuda+ SkaB2j+BgAQPYBXZoylBjGc+izT9qA==
    =8dUe
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)