Debian: DSA-3985-1: chromium-browser security update

    Date: 28 Sep 2017
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3985-1
    https://www.debian.org/security/                          Michael Gilbert
    September 28, 2017                    https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114
                     CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118
                     CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2017-5111
    
        Luat Nguyen discovered a use-after-free issue in the pdfium library.
    
    CVE-2017-5112
    
        Tobias Klein discovered a buffer overflow issue in the webgl
        library.
    
    CVE-2017-5113
    
        A buffer overflow issue was discovered in the skia library.
    
    CVE-2017-5114
    
        Ke Liu discovered a memory issue in the pdfium library.
    
    CVE-2017-5115
    
        Marco Giovannini discovered a type confusion issue in the v8
        javascript library.
    
    CVE-2017-5116
    
        Guang Gong discovered a type confusion issue in the v8 javascript
        library.
    
    CVE-2017-5117
    
        Tobias Klein discovered an uninitialized value in the skia library.
    
    CVE-2017-5118
    
        WenXu Wu discovered a way to bypass the Content Security Policy.
    
    CVE-2017-5119
    
        Another uninitialized value was discovered in the skia library.
    
    CVE-2017-5120
    
        Xiaoyin Liu discovered a way to downgrade HTTPS connections during
        redirection.
    
    CVE-2017-5121
    
        Jordan Rabet discovered an out-of-bounds memory access in the v8
        javascript library.
    
    CVE-2017-5122
    
        Choongwoo Han discovered an out-of-bounds memory access in the v8
        javascript library.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 61.0.3163.100-1~deb9u1.
    
    For the testing distribution (buster), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 61.0.3163.100-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
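
A fleet check against the fixed versions stated above, as an added example that is not part of the advisory: it implements Debian's version ordering in pure Python (note that `~` sorts before the end of the string, so revision `1~deb9u1` is lower than `1`), so collected package versions can be compared offline. The host names and installed versions in `INVENTORY` are constructed sample data; on a live host, `dpkg --compare-versions` performs the same comparison.

```python
import re
# Fixed versions stated in DSA-3985-1; buster had none when it was published.
FIXED = {"stretch": "61.0.3163.100-1~deb9u1", "sid": "61.0.3163.100-1"}

def _weight(c):
    """Non-digit sort weight: '~' < end of string (0) < letters < other characters."""
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_part(a, b):
    """Compare two strings by alternating non-digit runs and numeric runs."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa = _weight(na[i]) if i < len(na) else 0
            wb = _weight(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision is empty."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 sorts before, equal to or after v2."""
    for p1, p2 in zip(_split(v1), _split(v2)):
        if (r := _cmp_part(p1, p2)):
            return r
    return 0

def status(suite, installed):
    """Classify an installed chromium-browser version against the advisory."""
    fixed = FIXED.get(suite)
    if fixed is None:
        return "unknown"
    return "fixed" if compare(installed, fixed) >= 0 else "needs-upgrade"

# Constructed inventory (host, suite, version); sample data, not from the advisory.
INVENTORY = [("host-a", "stretch", "60.0.3112.78-1~deb9u1"),
             ("host-b", "stretch", "61.0.3163.100-1~deb9u1"),
             ("host-c", "buster", "60.0.3112.78-1")]
REPORT = {host: status(suite, ver) for host, suite, ver in INVENTORY}
print(REPORT)
```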
    