Debian: DSA-3731-1: chromium-browser security update

    Date: 11 Dec 2016
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3731-1
    https://www.debian.org/security/                          Michael Gilbert
    December 11, 2016                     https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184
                     CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188
                     CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192
                     CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 CVE-2016-5199
                     CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203
                     CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207
                     CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211
                     CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215
                     CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219
                     CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223
                     CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650
                     CVE-2016-9651 CVE-2016-9652
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2016-5181
    
        A cross-site scripting issue was discovered.
    
    CVE-2016-5182
    
        Giwan Go discovered a heap overflow issue.
    
    CVE-2016-5183
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5184
    
        Another use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5185
    
        cloudfuzzer discovered a use-after-free issue in Blink/Webkit.
    
    CVE-2016-5186
    
        Abdulrahman Alqabandi discovered an out-of-bounds read issue in the
        developer tools.
    
    CVE-2016-5187
    
        Luan Herrera discovered a URL spoofing issue.
    
    CVE-2016-5188
    
        Luan Herrera discovered that some drop down menus can be used to
        hide parts of the user interface.
    
    CVE-2016-5189
    
        xisigr discovered a URL spoofing issue.
    
    CVE-2016-5190
    
        Atte Kettunen discovered a use-after-free issue.
    
    CVE-2016-5191
    
        Gareth Hughes discovered a cross-site scripting issue.
    
    CVE-2016-5192
    
        [reporter's email address obscured] discovered a same-origin bypass.
    
    CVE-2016-5193
    
        Yuyang Zhou discovered a way to pop open a new window.
    
    CVE-2016-5194
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    CVE-2016-5198
    
        Tencent Keen Security Lab discovered an out-of-bounds memory access
        issue in the v8 javascript library.
    
    CVE-2016-5199
    
        A heap corruption issue was discovered in the ffmpeg library.
    
    CVE-2016-5200
    
        Choongwoo Han discovered an out-of-bounds memory access issue in
        the v8 javascript library.
    
    CVE-2016-5201
    
        Rob Wu discovered an information leak.
    
    CVE-2016-5202
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    CVE-2016-5203
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5204
    
        Mariusz Mlynski discovered a cross-site scripting issue in SVG
        image handling.
    
    CVE-2016-5205
    
        A cross-site scripting issue was discovered.
    
    CVE-2016-5206
    
        Rob Wu discovered a same-origin bypass in the pdfium library.
    
    CVE-2016-5207
    
        Mariusz Mlynski discovered a cross-site scripting issue.
    
    CVE-2016-5208
    
        Mariusz Mlynski discovered another cross-site scripting issue.
    
    CVE-2016-5209
    
        Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.
    
    CVE-2016-5210
    
        Ke Liu discovered an out-of-bounds write in the pdfium library.
    
    CVE-2016-5211
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5212
    
        Khalil Zhani discovered an information disclosure issue in the
        developer tools.
    
    CVE-2016-5213
    
        Khalil Zhani discovered a use-after-free issue in the v8 javascript
        library.
    
    CVE-2016-5214
    
        Jonathan Birch discovered a file download protection bypass.
    
    CVE-2016-5215
    
        Looben Yang discovered a use-after-free issue.
    
    CVE-2016-5216
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2016-5217
    
        Rob Wu discovered a condition where data was not validated by
        the pdfium library.
    
    CVE-2016-5218
    
        Abdulrahman Alqabandi discovered a URL spoofing issue.
    
    CVE-2016-5219
    
        Rob Wu discovered a use-after-free issue in the v8 javascript
        library.
    
    CVE-2016-5220
    
        Rob Wu discovered a way to access files on the local system.
    
    CVE-2016-5221
    
        Tim Becker discovered an integer overflow issue in the angle
        library.
    
    CVE-2016-5222
    
        xisigr discovered a URL spoofing issue.
    
    CVE-2016-5223
    
        Hwiwon Lee discovered an integer overflow issue in the pdfium
        library.
    
    CVE-2016-5224
    
        Roeland Krak discovered a same-origin bypass in SVG image handling.
    
    CVE-2016-5225
    
        Scott Helme discovered a Content Security Policy bypass.
    
    CVE-2016-5226
    
        Jun Kokatsu discovered a cross-site scripting issue.
    
    CVE-2016-9650
    
        Jakub Żoczek discovered a Content Security Policy information
        disclosure.
    
    CVE-2016-9651
    
        Guang Gong discovered a way to access private data in the v8
        javascript library.
    
    CVE-2016-9652
    
        The chrome development team found and fixed various issues during
        internal auditing.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 55.0.2883.75-1~deb8u1.
    
    For the testing distribution (stretch), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 55.0.2883.75-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    