Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-24 ========================================= Severity: Critical Date : 2016-03-26 CVE-ID : CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649 CVE-2016-1650 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 49.0.2623.108-1 is vulnerable to multiple issues. Resolution ========= Upgrade to 49.0.2623.108-1. # pacman -Syu "chromium>=49.0.2623.108-1" The problem has been fixed upstream in version 49.0.2623.108. Workaround ========= None. Description ========== - CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab. - CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous. - CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous. - CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP's Zero Day Initiative / Pwn2Own. - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. Impact ===== A remote attacker can cause a denial of service or have another unspecified impact on the affected host. References ========= https://chromereleases.googleblog.com/2016/03/stable-channel-update_24.html https://access.redhat.com/security/cve/CVE-2016-1646 https://access.redhat.com/security/cve/CVE-2016-1647 https://access.redhat.com/security/cve/CVE-2016-1648 https://access.redhat.com/security/cve/CVE-2016-1649 https://access.redhat.com/security/cve/CVE-2016-1650