This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB Content-Type: multipart/mixed; boundary="PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt" From: Aaron Bauman <bman@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <6133c6a5-470b-c7d5-dece-87dcb02dae44@gentoo.org> Subject: [ GLSA 201607-07 ] Chromium: Multiple vulnerabilities
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt Content-Type: multipart/alternative; boundary="------------2A20565CD03AE71546765F80"
This is a multi-part message in MIME format. --------------2A20565CD03AE71546765F80 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Chromium: Multiple vulnerabilities Date: July 16, 2016 Bugs: #584310, #586704 ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.
Background ==========
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103
Description ===========
Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-51.0.2704.103"
References ==========
[ 1 ] CVE-2016-1672 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672 [ 2 ] CVE-2016-1673 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673 [ 3 ] CVE-2016-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674 [ 4 ] CVE-2016-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675 [ 5 ] CVE-2016-1676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676 [ 6 ] CVE-2016-1677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677 [ 7 ] CVE-2016-1678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678 [ 8 ] CVE-2016-1679 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679 [ 9 ] CVE-2016-1680 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680 [ 10 ] CVE-2016-1681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681 [ 11 ] CVE-2016-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682 [ 12 ] CVE-2016-1683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683 [ 13 ] CVE-2016-1684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684 [ 14 ] CVE-2016-1685 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685 [ 15 ] CVE-2016-1686 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686 [ 16 ] CVE-2016-1687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687 [ 17 ] CVE-2016-1688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688 [ 18 ] CVE-2016-1689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689 [ 19 ] CVE-2016-1690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690 [ 20 ] CVE-2016-1691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691 [ 21 ] CVE-2016-1692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692 [ 22 ] CVE-2016-1693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693 [ 23 ] CVE-2016-1694 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694 [ 24 ] CVE-2016-1695 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-07
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------2A20565CD03AE71546765F80 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
<html> <head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf= -8"> </head> <body bgcolor=3D"#FFFFFF" text=3D"#000000"> <p> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Du= tf-8"> </p> <pre style=3D"color: rgb(0, 0, 0); font-style: normal; font-variant: = normal; font-weight: normal; letter-spacing: normal; line-height: normal;= orphans: auto; text-align: start; text-indent: 0px; text-transform: none= ; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap= : break-word; white-space: pre-wrap;">- - - - - - - - - - - - - - - - - -= - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <a class=3D"moz-txt-link-freet= ext" href=3D"https://security.gentoo.org/">https://security.gentoo.org/</= a> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Chromium: Multiple vulnerabilities Date: July 16, 2016 Bugs: #584310, #586704 ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis =3D=3D=3D=3D=3D=3D=3D=3D
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.
Background =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Affected packages =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 51.0.2704.103 >=3D 51.0.2704= =2E103=20
Description =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.
Impact =3D=3D=3D=3D=3D=3D
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
There is no known workaround at this time.
Resolution =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=3Dwww-client/chromium-51.0.2704.103"
References =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
[ 1 ] CVE-2016-1672 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1672">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1672</a> [ 2 ] CVE-2016-1673 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1673">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1673</a> [ 3 ] CVE-2016-1674 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1674">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1674</a> [ 4 ] CVE-2016-1675 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1675">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1675</a> [ 5 ] CVE-2016-1676 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1676">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1676</a> [ 6 ] CVE-2016-1677 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1677">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1677</a> [ 7 ] CVE-2016-1678 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1678">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1678</a> [ 8 ] CVE-2016-1679 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1679">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1679</a> [ 9 ] CVE-2016-1680 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1680">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1680</a> [ 10 ] CVE-2016-1681 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1681">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1681</a> [ 11 ] CVE-2016-1682 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1682">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1682</a> [ 12 ] CVE-2016-1683 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1683">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1683</a> [ 13 ] CVE-2016-1684 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1684">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1684</a> [ 14 ] CVE-2016-1685 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1685">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1685</a> [ 15 ] CVE-2016-1686 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1686">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1686</a> [ 16 ] CVE-2016-1687 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1687">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1687</a> [ 17 ] CVE-2016-1688 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1688">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1688</a> [ 18 ] CVE-2016-1689 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1689">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1689</a> [ 19 ] CVE-2016-1690 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1690">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1690</a> [ 20 ] CVE-2016-1691 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1691">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1691</a> [ 21 ] CVE-2016-1692 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1692">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1692</a> [ 22 ] CVE-2016-1693 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1693">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1693</a> [ 23 ] CVE-2016-1694 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1694">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1694</a> [ 24 ] CVE-2016-1695 <a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd= =2Ecfm?cvename=3DCVE-2016-1695">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE= -2016-1695</a>
Availability =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
<a class=3D"moz-txt-link-freetext" href=3D"https://security.gentoo.org/g= lsa/201607-07">https://security.gentoo.org/glsa/201607-07</a>
Concerns? =3D=3D=3D=3D=3D=3D=3D=3D=3D
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:security@gentoo.org"= >security@gentoo.org</a> or alternatively, you may file a bug at <a class=3D"moz-txt-link-freetext" href=3D"https://bugs.gentoo.org">https= ://bugs.gentoo.org</a>.
License =3D=3D=3D=3D=3D=3D=3D
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
<a class=3D"moz-txt-link-freetext" href=3D"http://creativecommons.org/lic= enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre> </body> </html>
--------------2A20565CD03AE71546765F80--
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt--
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1
iQJ8BAEBCgBmBQJXijVZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5 RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/3+cP/3rHS69LV3KZt6d2GRV6hWWn vyByjox93RnAolt3HSZOaqnIqnqyod3EP8MaxjAG+bTu0vczqu+nxxMBqx/m+vgY /RT60wzuGYNIl/Gw8HQsY05eCyP5TUwXqFjWodX8SanrKKVJdJ3ULItor034No1x MmwN59PHCDu2x/NnEn/UjozrTiUH3UQevo6cRaWfuC+1bPCqCxaQzo0Jdl1lpk/D 1shhyXs8vfqD7E35r3mOBUy7Hwg3RkQAW6ykDtf6VyeC2fK0N5IIQee7hWsX2OlV UyvBKZuEkeei8mRS2T1zli5IPts3pZyTu/Yy2gc4IoU7/EOW0/WCTkoEXQyyJSoL 9NwzQmgp7TjmeB6xELbIffqLs5UOULWZr10NDKca4m4YsxUVRRvhPjmhfZiT22ns exhdmXiMwM9qkKe36RSLnsMH28WEgRy6rMXthLqOLugppbFJTZWG1HRoJc7068or TnSpoPLD5uNPjU8q88RTP1gTegJ3lXnfLjCUdAkpD7GcIpGV3knX8JSRuv6tY5yQ GwEjQwIwdL35/DCKfklNN0MXOMjlh42nCepH/Ns1BRh1cDt3cPZf2ufi93g9oAA/ +3cm9VehT1Vvq3ND1KQTiBhoYYV2crkpByL2aeNN9MDmgX+g2QHup4BHVAtERap4 KQgq9Q+UDR+mRNCQOwj/ =1Oqi -----END PGP SIGNATURE-----
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB--
|