Debian: DSA-3415-1: chromium-browser security update

    Date: 09 Dec 2015
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3415-1
    https://www.debian.org/security/                          Michael Gilbert
    December 09, 2015                     https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
                     CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770
                     CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774
                     CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
                     CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782
                     CVE-2015-6784 CVE-2015-6785 CVE-2015-6786
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2015-1302
    
        Rob Wu discovered an information leak in the pdfium library.
    
    CVE-2015-6764
    
        Guang Gong discovered an out-of-bounds read issue in the v8
        javascript library.
    
    CVE-2015-6765
    
        A use-after-free issue was discovered in AppCache.
    
    CVE-2015-6766
    
        A use-after-free issue was discovered in AppCache.
    
    CVE-2015-6767
    
        A use-after-free issue was discovered in AppCache.
    
    CVE-2015-6768
    
        Mariusz Mlynski discovered a way to bypass the Same Origin
        Policy.
    
    CVE-2015-6769
    
        Mariusz Mlynski discovered a way to bypass the Same Origin
        Policy.
    
    CVE-2015-6770
    
        Mariusz Mlynski discovered a way to bypass the Same Origin
        Policy.
    
    CVE-2015-6771
    
        An out-of-bounds read issue was discovered in the v8
        javascript library.
    
    CVE-2015-6772
    
        Mariusz Mlynski discovered a way to bypass the Same Origin
        Policy.
    
    CVE-2015-6773
    
        cloudfuzzer discovered an out-of-bounds read issue in the
        skia library.
    
    CVE-2015-6774
    
        A use-after-free issue was found in extensions binding.
    
    CVE-2015-6775
    
        Atte Kettunen discovered a type confusion issue in the pdfium
        library.
    
    CVE-2015-6776
    
        Hanno Böck discovered an out-of-bounds access issue in the
        openjpeg library, which is used by pdfium.
    
    CVE-2015-6777
    
        Long Liu found a use-after-free issue.
    
    CVE-2015-6778
    
        Karl Skomski found an out-of-bounds read issue in the pdfium
        library.
    
    CVE-2015-6779
    
        Til Jasper Ullrich discovered that the pdfium library does
        not sanitize "chrome:" URLs.
    
    CVE-2015-6780
    
        Khalil Zhani discovered a use-after-free issue.
    
    CVE-2015-6781
    
        miaubiz discovered an integer overflow issue in the sfntly
        library.
    
    CVE-2015-6782
    
        Luan Herrera discovered a URL spoofing issue.
    
    CVE-2015-6784
    
        Inti De Ceukelaire discovered a way to inject HTML into
        serialized web pages.
    
    CVE-2015-6785
    
        Michael Ficarra discovered a way to bypass the Content
        Security Policy.
    
    CVE-2015-6786
    
        Michael Ficarra discovered another way to bypass the Content
        Security Policy.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 47.0.2526.73-1~deb8u1.
    
    For the testing distribution (stretch), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 47.0.2526.73-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    