Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-5 ======================================== Severity: High Date : 2016-03-09 CVE-ID : CVE-2016-1643 CVE-2016-1644 CVE-2016-1645 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 49.0.2623.87-1 is vulnerable to multiple issues including type confusion, use-after-free and out-of-bounds write. Resolution ========= Upgrade to 49.0.2623.87-1. # pacman -Syu "chromium>=49.0.2623.87-1" The problems have been fixed upstream in version 49.0.2623.87. Workaround ========= None. Description ========== - CVE-2016-1643 (type confusion) Type confusion in Blink. - CVE-2016-1644 (use-after-free) Use-after-free in Blink. - CVE-2016-1645 (out-of-bounds write) Out-of-bounds write in PDFium. Impact ===== A remote attacker is able to crash the application resulting in denial of service or execute arbitrary code. References ========= https://access.redhat.com/security/cve/CVE-2016-1643 https://access.redhat.com/security/cve/CVE-2016-1644 https://access.redhat.com/security/cve/CVE-2016-1645 https://chromereleases.googleblog.com/2016/03/stable-channel-update_8.html