- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201610-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: October 29, 2016
     Bugs: #589278, #590420, #592630, #593708, #595614, #597016
       ID: 201610-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
=========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 54.0.2840.59         >= 54.0.2840.59

Description
==========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
=====
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-54.0.2840.59"

References
=========
[  1 ] CVE-2016-5127
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127
[  2 ] CVE-2016-5128
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128
[  3 ] CVE-2016-5129
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129
[  4 ] CVE-2016-5130
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130
[  5 ] CVE-2016-5131
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
[  6 ] CVE-2016-5132
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132
[  7 ] CVE-2016-5133
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133
[  8 ] CVE-2016-5134
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134
[  9 ] CVE-2016-5135
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135
[ 10 ] CVE-2016-5136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136
[ 11 ] CVE-2016-5137
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137
[ 12 ] CVE-2016-5138
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138
[ 13 ] CVE-2016-5139
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139
[ 14 ] CVE-2016-5140
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140
[ 15 ] CVE-2016-5141
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141
[ 16 ] CVE-2016-5142
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142
[ 17 ] CVE-2016-5143
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143
[ 18 ] CVE-2016-5144
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144
[ 19 ] CVE-2016-5145
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145
[ 20 ] CVE-2016-5146
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146
[ 21 ] CVE-2016-5147
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147
[ 22 ] CVE-2016-5148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148
[ 23 ] CVE-2016-5149
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149
[ 24 ] CVE-2016-5150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150
[ 25 ] CVE-2016-5151
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151
[ 26 ] CVE-2016-5152
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152
[ 27 ] CVE-2016-5153
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153
[ 28 ] CVE-2016-5154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154
[ 29 ] CVE-2016-5155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155
[ 30 ] CVE-2016-5156
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156
[ 31 ] CVE-2016-5157
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157
[ 32 ] CVE-2016-5158
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158
[ 33 ] CVE-2016-5159
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159
[ 34 ] CVE-2016-5160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160
[ 35 ] CVE-2016-5161
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161
[ 36 ] CVE-2016-5162
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162
[ 37 ] CVE-2016-5163
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163
[ 38 ] CVE-2016-5164
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164
[ 39 ] CVE-2016-5165
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165
[ 40 ] CVE-2016-5166
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166
[ 41 ] CVE-2016-5167
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167
[ 42 ] CVE-2016-5170
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170
[ 43 ] CVE-2016-5171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171
[ 44 ] CVE-2016-5172
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172
[ 45 ] CVE-2016-5173
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173
[ 46 ] CVE-2016-5174
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174
[ 47 ] CVE-2016-5175
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175
[ 48 ] CVE-2016-5177
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177
[ 49 ] CVE-2016-5178
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178
[ 50 ] CVE-2016-5181
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181
[ 51 ] CVE-2016-5182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182
[ 52 ] CVE-2016-5183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183
[ 53 ] CVE-2016-5184
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184
[ 54 ] CVE-2016-5185
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185
[ 55 ] CVE-2016-5186
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186
[ 56 ] CVE-2016-5187
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187
[ 57 ] CVE-2016-5188
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188
[ 58 ] CVE-2016-5189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189
[ 59 ] CVE-2016-5190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190
[ 60 ] CVE-2016-5191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191
[ 61 ] CVE-2016-5192
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192
[ 62 ] CVE-2016-5193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193
[ 63 ] CVE-2016-5194
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201610-09

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201610-09: Chromium: Multiple vulnerabilities

Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.

Resolution

All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-54.0.2840.59"

References

[ 1 ] CVE-2016-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127 [ 2 ] CVE-2016-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128 [ 3 ] CVE-2016-5129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129 [ 4 ] CVE-2016-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130 [ 5 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 [ 6 ] CVE-2016-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132 [ 7 ] CVE-2016-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133 [ 8 ] CVE-2016-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134 [ 9 ] CVE-2016-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135 [ 10 ] CVE-2016-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136 [ 11 ] CVE-2016-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137 [ 12 ] CVE-2016-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138 [ 13 ] CVE-2016-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139 [ 14 ] CVE-2016-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140 [ 15 ] CVE-2016-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141 [ 16 ] CVE-2016-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142 [ 17 ] CVE-2016-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143 [ 18 ] CVE-2016-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144 [ 19 ] CVE-2016-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145 [ 20 ] CVE-2016-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146 [ 21 ] CVE-2016-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147 [ 22 ] CVE-2016-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148 [ 23 ] CVE-2016-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149 [ 24 ] CVE-2016-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150 [ 25 ] CVE-2016-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151 [ 26 ] CVE-2016-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152 [ 27 ] CVE-2016-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153 [ 28 ] CVE-2016-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154 [ 29 ] CVE-2016-5155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155 [ 30 ] CVE-2016-5156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156 [ 31 ] CVE-2016-5157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157 [ 32 ] CVE-2016-5158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158 [ 33 ] CVE-2016-5159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159 [ 34 ] CVE-2016-5160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160 [ 35 ] CVE-2016-5161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161 [ 36 ] CVE-2016-5162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162 [ 37 ] CVE-2016-5163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163 [ 38 ] CVE-2016-5164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164 [ 39 ] CVE-2016-5165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165 [ 40 ] CVE-2016-5166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166 [ 41 ] CVE-2016-5167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167 [ 42 ] CVE-2016-5170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170 [ 43 ] CVE-2016-5171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171 [ 44 ] CVE-2016-5172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172 [ 45 ] CVE-2016-5173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173 [ 46 ] CVE-2016-5174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174 [ 47 ] CVE-2016-5175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175 [ 48 ] CVE-2016-5177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177 [ 49 ] CVE-2016-5178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178 [ 50 ] CVE-2016-5181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181 [ 51 ] CVE-2016-5182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182 [ 52 ] CVE-2016-5183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183 [ 53 ] CVE-2016-5184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184 [ 54 ] CVE-2016-5185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185 [ 55 ] CVE-2016-5186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186 [ 56 ] CVE-2016-5187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187 [ 57 ] CVE-2016-5188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188 [ 58 ] CVE-2016-5189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189 [ 59 ] CVE-2016-5190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190 [ 60 ] CVE-2016-5191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191 [ 61 ] CVE-2016-5192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192 [ 62 ] CVE-2016-5193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193 [ 63 ] CVE-2016-5194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201610-09

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: October 29, 2016
Bugs: #589278, #590420, #592630, #593708, #595614, #597016
ID: 201610-09

Synopsis

Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.

Background

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 54.0.2840.59 >= 54.0.2840.59

Impact

===== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved