Debian: DSA-3926-1: chromium-browser security update

    Date: 04 Aug 2017
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3926-1
    https://www.debian.org/security/                          Michael Gilbert
    August 04, 2017                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091
                     CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095
                     CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100
                     CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104
                     CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
                     CVE-2017-5109 CVE-2017-5110 CVE-2017-7000
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2017-5087
    
        Ned Williamson discovered a way to escape the sandbox.
    
    CVE-2017-5088
    
        Xiling Gong discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    CVE-2017-5089
    
        Michal Bentkowski discovered a spoofing issue.
    
    CVE-2017-5091
    
        Ned Williamson discovered a use-after-free issue in IndexedDB.
    
    CVE-2017-5092
    
        Yu Zhou discovered a use-after-free issue in PPAPI.
    
    CVE-2017-5093
    
        Luan Herrera discovered a user interface spoofing issue.
    
    CVE-2017-5094
    
        A type confusion issue was discovered in extensions.
    
    CVE-2017-5095
    
        An out-of-bounds write issue was discovered in the pdfium library.
    
    CVE-2017-5097
    
        An out-of-bounds read issue was discovered in the skia library.
    
    CVE-2017-5098
    
        Jihoon Kim discovered a use-after-free issue in the v8 javascript library.
    
    CVE-2017-5099
    
        Yuan Deng discovered an out-of-bounds write issue in PPAPI.
    
    CVE-2017-5100
    
        A use-after-free issue was discovered in Chrome Apps.
    
    CVE-2017-5101
    
        Luan Herrera discovered a URL spoofing issue.
    
    CVE-2017-5102
    
        An uninitialized variable was discovered in the skia library.
    
    CVE-2017-5103
    
        Another uninitialized variable was discovered in the skia library.
    
    CVE-2017-5104
    
        Khalil Zhani discovered a user interface spoofing issue.
    
    CVE-2017-5105
    
        Rayyan Bijoora discovered a URL spoofing issue.
    
    CVE-2017-5106
    
        Jack Zac discovered a URL spoofing issue.
    
    CVE-2017-5107
    
        David Kohlbrenner discovered an information leak in SVG file handling.
    
    CVE-2017-5108
    
        Guang Gong discovered a type confusion issue in the pdfium library.
    
    CVE-2017-5109
    
        Jose Maria Acuna Morgado discovered a user interface spoofing issue.
    
    CVE-2017-5110
    
        xisigr discovered a way to spoof the payments dialog.
    
    CVE-2017-7000
    
        Chaitin Security Research Lab discovered an information disclosure
        issue in the sqlite library.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 60.0.3112.78-1~deb9u1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 60.0.3112.78-1 or earlier versions.
    
    We recommend that you upgrade your chromium-browser packages.
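
The fixed-version check above, as an added example that is not part of the Debian advisory: a pure-Python rendering of the Debian Policy version ordering, showing why the stretch version with its `~deb9u1` suffix sorts below the sid version. The function names and the sample installed versions used with it are constructed for illustration; on a Debian system `dpkg --compare-versions` is the authoritative comparison.

```python
import re

DIGITS = "0123456789"
FIXED_STRETCH = "60.0.3112.78-1~deb9u1"  # fixed version quoted in the advisory

def _nondigit(s, k):
    return k < len(s) and s[k] not in DIGITS

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "" or c in DIGITS:
        return 0               # end of string, or the other side's run ended
    if c == "~":
        return -1              # tilde sorts before everything, even the end
    if c.isalpha():
        return ord(c)          # letters sort before other punctuation
    return ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            oa, ob = _order(a[i:i + 1]), _order(b[j:j + 1])
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        na, nb = int(da or 0), int(db or 0)   # an empty digit run counts as 0
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def _parse(v):
    """Split [epoch:]upstream[-revision] into its three fields."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED_STRETCH):
    """True when the installed package version is at or above the fixed one."""
    return compare_versions(installed, fixed) >= 0
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' chromium-browser`.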
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    