Debian: DSA-3637-1: chromium-browser security update

    Date: 31 Jul 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3637-1
    https://www.debian.org/security/                          Michael Gilbert
    July 31, 2016                         https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707
                     CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711
                     CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130
                     CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134
                     CVE-2016-5135 CVE-2016-5136 CVE-2016-5137
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2016-1704
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    CVE-2016-1705
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    CVE-2016-1706
    
        Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.
    
    CVE-2016-1707
    
        xisigr discovered a URL spoofing issue.
    
    CVE-2016-1708
    
        Adam Varsan discovered a use-after-free issue.
    
    CVE-2016-1709
    
        ChenQin discovered a buffer overflow issue in the sfntly library.
    
    CVE-2016-1710
    
        Mariusz Mlynski discovered a same-origin bypass.
    
    CVE-2016-1711
    
        Mariusz Mlynski discovered another same-origin bypass.
    
    CVE-2016-5127
    
        cloudfuzzer discovered a use-after-free issue.
    
    CVE-2016-5128
    
        A same-origin bypass issue was discovered in the V8 JavaScript library.
    
    CVE-2016-5129
    
        Jeonghoon Shin discovered a memory corruption issue in the V8 JavaScript
        library.
    
    CVE-2016-5130
    
        Widih Matar discovered a URL spoofing issue.
    
    CVE-2016-5131
    
        Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.
    
    CVE-2016-5132
    
        Ben Kelly discovered a same-origin bypass.
    
    CVE-2016-5133
    
        Patch Eudor discovered an issue in proxy authentication.
    
    CVE-2016-5134
    
        Paul Stone discovered an information leak in the Proxy Auto-Config
        feature.
    
    CVE-2016-5135
    
        ShenYeYinJiu discovered a way to bypass the Content Security Policy.
    
    CVE-2016-5136
    
        Rob Wu discovered a use-after-free issue.
    
    CVE-2016-5137
    
        Xiaoyin Liu discovered a way to determine whether an HSTS web site had
        been visited.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 52.0.2743.82-1~deb8u1.
    
    For the testing (stretch) and unstable (sid) distributions, these problems
    have been fixed in version 52.0.2743.82-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    