This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: multipart/mixed; boundary="PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt"
From: Aaron Bauman
To: gentoo-announce@lists.gentoo.org
Message-ID: <6133c6a5-470b-c7d5-dece-87dcb02dae44@gentoo.org>
Subject: [ GLSA 201607-07 ] Chromium: Multiple vulnerabilities
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt
Content-Type: multipart/alternative;
boundary="------------2A20565CD03AE71546765F80"
This is a multi-part message in MIME format.
--------------2A20565CD03AE71546765F80
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-51.0.2704.103"
References
==========
[ 1 ] CVE-2016-1672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672
[ 2 ] CVE-2016-1673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673
[ 3 ] CVE-2016-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674
[ 4 ] CVE-2016-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675
[ 5 ] CVE-2016-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676
[ 6 ] CVE-2016-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677
[ 7 ] CVE-2016-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678
[ 8 ] CVE-2016-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679
[ 9 ] CVE-2016-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680
[ 10 ] CVE-2016-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681
[ 11 ] CVE-2016-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682
[ 12 ] CVE-2016-1683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683
[ 13 ] CVE-2016-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684
[ 14 ] CVE-2016-1685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685
[ 15 ] CVE-2016-1686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686
[ 16 ] CVE-2016-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687
[ 17 ] CVE-2016-1688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688
[ 18 ] CVE-2016-1689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689
[ 19 ] CVE-2016-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690
[ 20 ] CVE-2016-1691
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691
[ 21 ] CVE-2016-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692
[ 22 ] CVE-2016-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693
[ 23 ] CVE-2016-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694
[ 24 ] CVE-2016-1695
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------2A20565CD03AE71546765F80
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - -=
- - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/=
a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >=3D 51.0.2704=
=2E103=20
Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
=3D=3D=3D=3D=3D=3D
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
There is no known workaround at this time.
Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=3Dwww-client/chromium-51.0.2704.103"
References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
[ 1 ] CVE-2016-1672
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1672
[ 2 ] CVE-2016-1673
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1673
[ 3 ] CVE-2016-1674
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1674
[ 4 ] CVE-2016-1675
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1675
[ 5 ] CVE-2016-1676
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1676
[ 6 ] CVE-2016-1677
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1677
[ 7 ] CVE-2016-1678
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1678
[ 8 ] CVE-2016-1679
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1679
[ 9 ] CVE-2016-1680
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1680
[ 10 ] CVE-2016-1681
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1681
[ 11 ] CVE-2016-1682
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1682
[ 12 ] CVE-2016-1683
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1683
[ 13 ] CVE-2016-1684
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1684
[ 14 ] CVE-2016-1685
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1685
[ 15 ] CVE-2016-1686
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1686
[ 16 ] CVE-2016-1687
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1687
[ 17 ] CVE-2016-1688
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1688
[ 18 ] CVE-2016-1689
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1689
[ 19 ] CVE-2016-1690
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1690
[ 20 ] CVE-2016-1691
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1691
[ 21 ] CVE-2016-1692
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1692
[ 22 ] CVE-2016-1693
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1693
[ 23 ] CVE-2016-1694
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1694
[ 24 ] CVE-2016-1695
http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1695
Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-07
Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https=
://bugs.gentoo.org.
License
=3D=3D=3D=3D=3D=3D=3D
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------2A20565CD03AE71546765F80--
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt--
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1
iQJ8BAEBCgBmBQJXijVZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/3+cP/3rHS69LV3KZt6d2GRV6hWWn
vyByjox93RnAolt3HSZOaqnIqnqyod3EP8MaxjAG+bTu0vczqu+nxxMBqx/m+vgY
/RT60wzuGYNIl/Gw8HQsY05eCyP5TUwXqFjWodX8SanrKKVJdJ3ULItor034No1x
MmwN59PHCDu2x/NnEn/UjozrTiUH3UQevo6cRaWfuC+1bPCqCxaQzo0Jdl1lpk/D
1shhyXs8vfqD7E35r3mOBUy7Hwg3RkQAW6ykDtf6VyeC2fK0N5IIQee7hWsX2OlV
UyvBKZuEkeei8mRS2T1zli5IPts3pZyTu/Yy2gc4IoU7/EOW0/WCTkoEXQyyJSoL
9NwzQmgp7TjmeB6xELbIffqLs5UOULWZr10NDKca4m4YsxUVRRvhPjmhfZiT22ns
exhdmXiMwM9qkKe36RSLnsMH28WEgRy6rMXthLqOLugppbFJTZWG1HRoJc7068or
TnSpoPLD5uNPjU8q88RTP1gTegJ3lXnfLjCUdAkpD7GcIpGV3knX8JSRuv6tY5yQ
GwEjQwIwdL35/DCKfklNN0MXOMjlh42nCepH/Ns1BRh1cDt3cPZf2ufi93g9oAA/
+3cm9VehT1Vvq3ND1KQTiBhoYYV2crkpByL2aeNN9MDmgX+g2QHup4BHVAtERap4
KQgq9Q+UDR+mRNCQOwj/
=1Oqi
-----END PGP SIGNATURE-----
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB--
|