[SECURITY] [DSA 3810-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3810-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
March 15, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044
CVE-2017-5045 CVE-2017-5046
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2017-5029
Holger Fuhrmannek discovered an integer overflow issue in the libxslt
library.
CVE-2017-5030
Brendon Tiszka discovered a memory corruption issue in the v8 javascript
library.
CVE-2017-5031
Looben Yang discovered a use-after-free issue in the ANGLE library.
CVE-2017-5032
Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.
CVE-2017-5033
Nicolai Grødum discovered a way to bypass the Content Security Policy.
CVE-2017-5034
Ke Liu discovered an integer overflow issue in the pdfium library.
CVE-2017-5035
Enzo Aguado discovered an issue with the omnibox.
CVE-2017-5036
A use-after-free issue was discovered in the pdfium library.
CVE-2017-5037
Yongke Wang discovered multiple out-of-bounds write issues.
CVE-2017-5038
A use-after-free issue was discovered in the guest view.
CVE-2017-5039
jinmo123 discovered a use-after-free issue in the pdfium library.
CVE-2017-5040
Choongwoo Han discovered an information disclosure issue in the v8
javascript library.
CVE-2017-5041
Jordi Chancel discovered an address spoofing issue.
CVE-2017-5042
Mike Ruddy discovered incorrect handling of cookies.
CVE-2017-5043
Another use-after-free issue was discovered in the guest view.
CVE-2017-5044
Kushal Arvind Shah discovered a heap overflow issue in the skia
library.
CVE-2017-5045
Dhaval Kapil discovered an information disclosure issue.
CVE-2017-5046
Masato Kinugawa discovered an information disclosure issue.
For the stable distribution (jessie), these problems have been fixed in
version 57.0.2987.98-1~deb8u1.
For the upcoming stable (stretch) and unstable (sid) distributions, these
problems have been fixed in version 57.0.2987.98-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAljJMRkACgkQuNayzQLW
9HM36B/+NXUUQ3TCDWQt+FYXtqla6j+BnUTBAsKTbmZwbz5/gAxRymzm835ilVyw
r0sn4JOffZdKEmkdkHSSXwk8UQqPL2vfnQq8PQKbWvZlkmoMmxDdMNWoggRx/c6c
LTUAjE/tpy1P3VBd4YdFa7fpb/M5LSpHxs36O25ZvuN6woi8zbKYLJBD+jQ5U4F+
pVO6Lgdou/26TJGq/lZ0Lfypj1esndfwxoIKCJBS845o1bdZusRynUbSyI1fV/YL
Y9mkwEO1LsoGBFqlroOMlzcfRY8/pG0tRN++mebSEsh6TOFQpq+1qq1/DkyhCFKS
o6deeZjYYy5CGdbx6gxPp7J8HQry4JvjV5Rj1g8vfVdJwb6i33dTZEKDghPm48pu
gr2BfF2EXlGwhe+JaXmZkoEVOpX4dPnOcVgrpD0FXDJoVyqrVCo410L0MZug90Xr
eTCOPVrnCHRhCfRoYyRlZASuH+HtgrD8Qy+NGUx/ZxK5Zg2Ck1+XDJLMLdwn3Y7N
5s+beUU4n0rR6O7tX8JDwx0qieloCqg2ZOACOCjy312gDt4R7kxcr+P4RxQ9tXgc
o8AN1NIWNxQPovLYMD2JGD0iWt1hUmNHtbscl8MllugKv+nfgFpTNpviAqEFOpw/
9W/o10h+lIO/yr4Den75h3QU+vPR/7V4zOlyr6PtDbIo8EwWKvy4BCGMNKtREaB2
42vGXuBqzup91wIR9YU8ZWNhdtL1tWLJQZFDnMY3RurpFmH37m4G0Ni8+vvzXwWK
mEtjC9wLfTWZQ+mWXHjBGXlkRivpnppOCYhfNvGOQ9HtPKX6YBZrM+k5afzKS+z4
uZKMxN5EcA+/6s8d3h5oyzg9auvu4Zf/ifBNSzc8XF7sE6MgxU5KtMpwsBvsUwcR
VGIVBzJFZAADbBQxF24+lSxA/fMkfrZC61CEZEHdMBWN/k5UUH1tjUviE5pRusuc
3SRQ2/PSCOZ2uTbJsv4J4KooOlgMl2wJCL7nyww7OaHSB7WXqxg+QWh+dMI3oQt9
k3SJcbc9y94FNPUPWzY2CZo1/Nr/7jJLOnXYtZvb000lEF+cYgpX35u+gfIf9a+R
bgSPbkY1B6vRmlTJ0zt/eC0ENV23D0wrG/JT4AysW1P1zQF+AH8pUiFsKfGcF1zF
RFPsMzkfI6K+hFZdfV02eznaL89jQqPmk09ZN558NoTu43ct1QLJMSzVqK1K4ORQ
39C54f6x5j1zy+fl3IvUsbGY6PKfMwDPo+W2X5ze7wI9wHcgSKEmkCMEw0DGvsKy
8SjOyJKN0YDTvyFN6hFcIJO+HHnfvWOy2et3FxZyQWudYvYjnGnFcDDz1yzxuda+
SkaB2j+BgAQPYBXZoylBjGc+izT9qA==
=8dUe
-----END PGP SIGNATURE-----
Reply to: