Mehrere Probleme in Chromium
ID: | DSA-3810-1 |
Distribution: | Debian |
Plattformen: | Debian jessie |
Datum: | Mi, 15. März 2017, 14:46 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040 |
Applikationen: | Chromium |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3810-1 security@debian.org https://www.debian.org/security/ Michael Gilbert March 15, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5029 Holger Fuhrmannek discovered an integer overflow issue in the libxslt library. CVE-2017-5030 Brendon Tiszka discovered a memory corruption issue in the v8 javascript library. CVE-2017-5031 Looben Yang discovered a use-after-free issue in the ANGLE library. CVE-2017-5032 Ashfaq Ansari discovered an out-of-bounds write in the pdfium library. CVE-2017-5033 Nicolai Grødum discovered a way to bypass the Content Security Policy. CVE-2017-5034 Ke Liu discovered an integer overflow issue in the pdfium library. CVE-2017-5035 Enzo Aguado discovered an issue with the omnibox. CVE-2017-5036 A use-after-free issue was discovered in the pdfium library. CVE-2017-5037 Yongke Wang discovered multiple out-of-bounds write issues. CVE-2017-5038 A use-after-free issue was discovered in the guest view. CVE-2017-5039 jinmo123 discovered a use-after-free issue in the pdfium library. CVE-2017-5040 Choongwoo Han discovered an information disclosure issue in the v8 javascript library. CVE-2017-5041 Jordi Chancel discovered an address spoofing issue. CVE-2017-5042 Mike Ruddy discovered incorrect handling of cookies. CVE-2017-5043 Another use-after-free issue was discovered in the guest view. CVE-2017-5044 Kushal Arvind Shah discovered a heap overflow issue in the skia library. CVE-2017-5045 Dhaval Kapil discovered an information disclosure issue. CVE-2017-5046 Masato Kinugawa discovered an information disclosure issue. For the stable distribution (jessie), these problems have been fixed in version 57.0.2987.98-1~deb8u1. For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 57.0.2987.98-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAljJMRkACgkQuNayzQLW 9HM36B/+NXUUQ3TCDWQt+FYXtqla6j+BnUTBAsKTbmZwbz5/gAxRymzm835ilVyw r0sn4JOffZdKEmkdkHSSXwk8UQqPL2vfnQq8PQKbWvZlkmoMmxDdMNWoggRx/c6c LTUAjE/tpy1P3VBd4YdFa7fpb/M5LSpHxs36O25ZvuN6woi8zbKYLJBD+jQ5U4F+ pVO6Lgdou/26TJGq/lZ0Lfypj1esndfwxoIKCJBS845o1bdZusRynUbSyI1fV/YL Y9mkwEO1LsoGBFqlroOMlzcfRY8/pG0tRN++mebSEsh6TOFQpq+1qq1/DkyhCFKS o6deeZjYYy5CGdbx6gxPp7J8HQry4JvjV5Rj1g8vfVdJwb6i33dTZEKDghPm48pu gr2BfF2EXlGwhe+JaXmZkoEVOpX4dPnOcVgrpD0FXDJoVyqrVCo410L0MZug90Xr eTCOPVrnCHRhCfRoYyRlZASuH+HtgrD8Qy+NGUx/ZxK5Zg2Ck1+XDJLMLdwn3Y7N 5s+beUU4n0rR6O7tX8JDwx0qieloCqg2ZOACOCjy312gDt4R7kxcr+P4RxQ9tXgc o8AN1NIWNxQPovLYMD2JGD0iWt1hUmNHtbscl8MllugKv+nfgFpTNpviAqEFOpw/ 9W/o10h+lIO/yr4Den75h3QU+vPR/7V4zOlyr6PtDbIo8EwWKvy4BCGMNKtREaB2 42vGXuBqzup91wIR9YU8ZWNhdtL1tWLJQZFDnMY3RurpFmH37m4G0Ni8+vvzXwWK mEtjC9wLfTWZQ+mWXHjBGXlkRivpnppOCYhfNvGOQ9HtPKX6YBZrM+k5afzKS+z4 uZKMxN5EcA+/6s8d3h5oyzg9auvu4Zf/ifBNSzc8XF7sE6MgxU5KtMpwsBvsUwcR VGIVBzJFZAADbBQxF24+lSxA/fMkfrZC61CEZEHdMBWN/k5UUH1tjUviE5pRusuc 3SRQ2/PSCOZ2uTbJsv4J4KooOlgMl2wJCL7nyww7OaHSB7WXqxg+QWh+dMI3oQt9 k3SJcbc9y94FNPUPWzY2CZo1/Nr/7jJLOnXYtZvb000lEF+cYgpX35u+gfIf9a+R bgSPbkY1B6vRmlTJ0zt/eC0ENV23D0wrG/JT4AysW1P1zQF+AH8pUiFsKfGcF1zF RFPsMzkfI6K+hFZdfV02eznaL89jQqPmk09ZN558NoTu43ct1QLJMSzVqK1K4ORQ 39C54f6x5j1zy+fl3IvUsbGY6PKfMwDPo+W2X5ze7wI9wHcgSKEmkCMEw0DGvsKy 8SjOyJKN0YDTvyFN6hFcIJO+HHnfvWOy2et3FxZyQWudYvYjnGnFcDDz1yzxuda+ SkaB2j+BgAQPYBXZoylBjGc+izT9qA== =8dUe -----END PGP SIGNATURE----- |