Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Debian: DSA-4020-1 Critical: Chromium Browser Heap Overflow Issues

debian
Calendar Grey November 7, 2017
Debian Logo
Multiple security flaws discovered in chromium-browser. Update immediately to ensure ongoing protection on Debian.
Several vulnerabilities have been discovered in the chromium web browser

Summary

In addition, this message serves as an annoucment that security support for
chromium in the oldstable release (jessie), Debian 8, is now discontinued.

Debian 8 chromium users that desire continued security updates are strongly
encouraged to upgrade now to the current stable release (stretch), Debian 9.

An alternative is to switch to the firefox browser, which will continue to
receive security updates in jessie for some time.

CVE-2017-5124

A cross-site scripting issue was discovered in MHTML.

CVE-2017-5125

A heap overflow issue was discovered in the skia library.

CVE-2017-5126

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-5127

Luat Nguyen discovered another use-after-free issue in the pdfium
library.

CVE-2017-5128

Omair discovered a heap overflow issue in the WebGL implementation.

CVE-2017-5129

Omair discovered a use-after-free issue in the WebAudio implementation.

CVE-2017-5131

An out-of-bounds write issue was discovered in the skia library.

...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: chromium-browser
CVE ID: CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.