Sicherheit: Mehrere Probleme in Chromium

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: multipart/mixed;
boundary="PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt"
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <6133c6a5-470b-c7d5-dece-87dcb02dae44@gentoo.org>
Subject: [ GLSA 201607-07 ] Chromium: Multiple vulnerabilities

--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt
Content-Type: multipart/alternative;
boundary="------------2A20565CD03AE71546765F80"

This is a multi-part message in MIME format.
--------------2A20565CD03AE71546765F80
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-51.0.2704.103"

References
==========

[ 1 ] CVE-2016-1672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672
[ 2 ] CVE-2016-1673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673
[ 3 ] CVE-2016-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674
[ 4 ] CVE-2016-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675
[ 5 ] CVE-2016-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676
[ 6 ] CVE-2016-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677
[ 7 ] CVE-2016-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678
[ 8 ] CVE-2016-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679
[ 9 ] CVE-2016-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680
[ 10 ] CVE-2016-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681
[ 11 ] CVE-2016-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682
[ 12 ] CVE-2016-1683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683
[ 13 ] CVE-2016-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684
[ 14 ] CVE-2016-1685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685
[ 15 ] CVE-2016-1686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686
[ 16 ] CVE-2016-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687
[ 17 ] CVE-2016-1688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688
[ 18 ] CVE-2016-1689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689
[ 19 ] CVE-2016-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690
[ 20 ] CVE-2016-1691
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691
[ 21 ] CVE-2016-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692
[ 22 ] CVE-2016-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693
[ 23 ] CVE-2016-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694
[ 24 ] CVE-2016-1695
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201607-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--------------2A20565CD03AE71546765F80
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
<head>

<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Dutf=
-8">
</head>
<body bgcolor=3D"#FFFFFF" text=3D"#000000">
<p>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Du=
tf-8">
</p>
<pre style=3D"color: rgb(0, 0, 0); font-style: normal; font-variant:
=
normal; font-weight: normal; letter-spacing: normal; line-height: normal;=
orphans: auto; text-align: start; text-indent: 0px; text-transform: none=
; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap=
: break-word; white-space: pre-wrap;">- - - - - - - - - - - - - - - - -
-=
- - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<a
class=3D"moz-txt-link-freet=
ext" href=3D"https://security.gentoo.org/">https://security.gentoo.org/</=
a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >=3D
51.0.2704=
=2E103=20

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v
">=3Dwww-client/chromium-51.0.2704.103"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ 1 ] CVE-2016-1672
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1672">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1672</a>
[ 2 ] CVE-2016-1673
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1673">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1673</a>
[ 3 ] CVE-2016-1674
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1674">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1674</a>
[ 4 ] CVE-2016-1675
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1675">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1675</a>
[ 5 ] CVE-2016-1676
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1676">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1676</a>
[ 6 ] CVE-2016-1677
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1677">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1677</a>
[ 7 ] CVE-2016-1678
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1678">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1678</a>
[ 8 ] CVE-2016-1679
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1679">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1679</a>
[ 9 ] CVE-2016-1680
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1680">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1680</a>
[ 10 ] CVE-2016-1681
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1681">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1681</a>
[ 11 ] CVE-2016-1682
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1682">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1682</a>
[ 12 ] CVE-2016-1683
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1683">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1683</a>
[ 13 ] CVE-2016-1684
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1684">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1684</a>
[ 14 ] CVE-2016-1685
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1685">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1685</a>
[ 15 ] CVE-2016-1686
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1686">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1686</a>
[ 16 ] CVE-2016-1687
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1687">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1687</a>
[ 17 ] CVE-2016-1688
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1688">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1688</a>
[ 18 ] CVE-2016-1689
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1689">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1689</a>
[ 19 ] CVE-2016-1690
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1690">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1690</a>
[ 20 ] CVE-2016-1691
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1691">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1691</a>
[ 21 ] CVE-2016-1692
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1692">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1692</a>
[ 22 ] CVE-2016-1693
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1693">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1693</a>
[ 23 ] CVE-2016-1694
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1694">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1694</a>
[ 24 ] CVE-2016-1695
<a class=3D"moz-txt-link-freetext" href=3D"http://nvd.nist.gov/nvd=
=2Ecfm?cvename=3DCVE-2016-1695">http://nvd.nist.gov/nvd.cfm?cvename=3DCVE=
-2016-1695</a>

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

<a class=3D"moz-txt-link-freetext" href=3D"https://security.gentoo.org/g=
lsa/201607-07">https://security.gentoo.org/glsa/201607-07</a>

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
<a class=3D"moz-txt-link-abbreviated"
href=3D"mailto:security@gentoo.org"=
>security@gentoo.org</a> or alternatively, you may file a bug at
<a class=3D"moz-txt-link-freetext" href=3D"https://bugs.gentoo.org">https=
://bugs.gentoo.org</a>.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

<a class=3D"moz-txt-link-freetext" href=3D"http://creativecommons.org/lic=
enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>

--------------2A20565CD03AE71546765F80--

--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt--

--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1

iQJ8BAEBCgBmBQJXijVZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ1OTcyRDI4NDhFOEE0NDYwRTdERTY4QUM5
RjI4QkQ4QkQxRTM5NUZGAAoJEJ8ovYvR45X/3+cP/3rHS69LV3KZt6d2GRV6hWWn
vyByjox93RnAolt3HSZOaqnIqnqyod3EP8MaxjAG+bTu0vczqu+nxxMBqx/m+vgY
/RT60wzuGYNIl/Gw8HQsY05eCyP5TUwXqFjWodX8SanrKKVJdJ3ULItor034No1x
MmwN59PHCDu2x/NnEn/UjozrTiUH3UQevo6cRaWfuC+1bPCqCxaQzo0Jdl1lpk/D
1shhyXs8vfqD7E35r3mOBUy7Hwg3RkQAW6ykDtf6VyeC2fK0N5IIQee7hWsX2OlV
UyvBKZuEkeei8mRS2T1zli5IPts3pZyTu/Yy2gc4IoU7/EOW0/WCTkoEXQyyJSoL
9NwzQmgp7TjmeB6xELbIffqLs5UOULWZr10NDKca4m4YsxUVRRvhPjmhfZiT22ns
exhdmXiMwM9qkKe36RSLnsMH28WEgRy6rMXthLqOLugppbFJTZWG1HRoJc7068or
TnSpoPLD5uNPjU8q88RTP1gTegJ3lXnfLjCUdAkpD7GcIpGV3knX8JSRuv6tY5yQ
GwEjQwIwdL35/DCKfklNN0MXOMjlh42nCepH/Ns1BRh1cDt3cPZf2ufi93g9oAA/
+3cm9VehT1Vvq3ND1KQTiBhoYYV2crkpByL2aeNN9MDmgX+g2QHup4BHVAtERap4
KQgq9Q+UDR+mRNCQOwj/
=1Oqi
-----END PGP SIGNATURE-----

--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB--