Debian: DSA-3590-1: chromium-browser security update

    Date: 31 May 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3590-1
    https://www.debian.org/security/                          Michael Gilbert
    June 01, 2016                         https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670
                     CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675
                     CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679
                     CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683
                     CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687
                     CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691
                     CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2016-1667
    
        Mariusz Mylinski discovered a cross-origin bypass.
    
    CVE-2016-1668
    
        Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.
    
    CVE-2016-1669
    
        Choongwoo Han discovered a buffer overflow in the v8 javascript
        library.
    
    CVE-2016-1670
    
        A race condition was found that could cause the renderer process
        to reuse ids that should have been unique.
    
    CVE-2016-1672
    
        Mariusz Mylinski discovered a cross-origin bypass in extension
        bindings.
    
    CVE-2016-1673
    
        Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.
    
    CVE-2016-1674
    
        Mariusz Mylinski discovered another cross-origin bypass in extension
        bindings.
    
    CVE-2016-1675
    
        Mariusz Mylinski discovered another cross-origin bypass in
        Blink/Webkit.
    
    CVE-2016-1676
    
        Rob Wu discovered a cross-origin bypass in extension bindings.
    
    CVE-2016-1677
    
        Guang Gong discovered a type confusion issue in the v8 javascript
        library.
    
    CVE-2016-1678
    
        Christian Holler discovered an overflow issue in the v8 javascript
        library.
    
    CVE-2016-1679
    
        Rob Wu discovered a use-after-free issue in the bindings to v8.
    
    CVE-2016-1680
    
        Atte Kettunen discovered a use-after-free issue in the skia library.
    
    CVE-2016-1681
    
        Aleksandar Nikolic discovered an overflow issue in the pdfium
        library.
    
    CVE-2016-1682
    
        KingstonTime discovered a way to bypass the Content Security Policy.
    
    CVE-2016-1683
    
        Nicolas Gregoire discovered an out-of-bounds write issue in the
        libxslt library.
    
    CVE-2016-1684
    
        Nicolas Gregoire discovered an integer overflow issue in the
        libxslt library.
    
    CVE-2016-1685
    
        Ke Liu discovered an out-of-bounds read issue in the pdfium library.
    
    CVE-2016-1686
    
        Ke Liu discovered another out-of-bounds read issue in the pdfium
        library.
    
    CVE-2016-1687
    
        Rob Wu discovered an information leak in the handling of extensions.
    
    CVE-2016-1688
    
        Max Korenko discovered an out-of-bounds read issue in the v8
        javascript library.
    
    CVE-2016-1689
    
        Rob Wu discovered a buffer overflow issue.
    
    CVE-2016-1690
    
        Rob Wu discovered a use-after-free issue.
    
    CVE-2016-1691
    
        Atte Kettunen discovered a buffer overflow issue in the skia library.
    
    CVE-2016-1692
    
        Til Jasper Ullrich discovered a cross-origin bypass issue.
    
    CVE-2016-1693
    
        Khalil Zhani discovered that the Software Removal Tool download was
        done over an HTTP connection.
    
    CVE-2016-1694
    
        Ryan Lester and Bryant Zadegan discovered that pinned public keys
        would be removed when clearing the browser cache.
    
    CVE-2016-1695
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 51.0.2704.63-1~deb8u1.
    
    For the testing distribution (stretch), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 51.0.2704.63-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    