Debian: DSA-3660-1: chromium-browser security update

    Date: 05 Sep 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3660-1
    https://www.debian.org/security/                          Michael Gilbert
    September 05, 2016                    https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150
                     CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154
                     CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158
                     CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162
                     CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166
                     CVE-2016-5167
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2016-5147
    
        A cross-site scripting issue was discovered.
    
    CVE-2016-5148
    
        Another cross-site scripting issue was discovered.
    
    CVE-2016-5149
    
        Max Justicz discovered a script injection issue in extension handling.
    
    CVE-2016-5150
    
        A use-after-free issue was discovered in Blink/WebKit.
    
    CVE-2016-5151
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5152
    
        GiWan Go discovered a heap overflow issue in the pdfium library.
    
    CVE-2016-5153
    
        Atte Kettunen discovered a use-after-destruction issue.
    
    CVE-2016-5154
    
        A heap overflow issue was discovered in the pdfium library.
    
    CVE-2016-5155
    
        An address bar spoofing issue was discovered.
    
    CVE-2016-5156
    
        jinmo123 discovered a use-after-free issue.
    
    CVE-2016-5157
    
        A heap overflow issue was discovered in the pdfium library.
    
    CVE-2016-5158
    
        GiWan Go discovered a heap overflow issue in the pdfium library.
    
    CVE-2016-5159
    
        GiWan Go discovered another heap overflow issue in the pdfium library.
    
    CVE-2016-5160
    
        @l33terally discovered an extensions resource bypass.
    
    CVE-2016-5161
    
        A type confusion issue was discovered.
    
    CVE-2016-5162
    
        Nicolas Golubovic discovered an extensions resource bypass.
    
    CVE-2016-5163
    
        Rafay Baloch discovered an address bar spoofing issue.
    
    CVE-2016-5164
    
        A cross-site scripting issue was discovered in the developer tools.
    
    CVE-2016-5165
    
        Gregory Panakkal discovered a script injection issue in the developer
        tools.
    
    CVE-2016-5166
    
        Gregory Panakkal discovered an issue with the Save Page As feature.
    
    CVE-2016-5167
    
        The Chrome development team found and fixed various issues during
        internal auditing.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 53.0.2785.89-1~deb8u1.
    
    For the testing distribution (stretch), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 53.0.2785.89-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    