Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4064-1] chromium-browser security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4064-1] chromium-browser security update


Chronologisch Thread 
  • From: Michael Gilbert <mgilbert AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4064-1] chromium-browser security update
  • Date: Tue, 12 Dec 2017 06:03:56 -0500
  • Authentication-results: mail.intern.piratenpartei.de (MFA); dkim=pass (2048-bit key) header.d=gmail.com
  • List-archive: https://lists.debian.org/msgid-search/CANTw=MMFh1YKxhCm4LWPZh5izpWr-+RsiYt1F4B4FwwTQG9Nmw AT mail.gmail.com
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <michael.s.gilbert AT gmail.com>
  • Priority: urgent
  • Resent-date: Tue, 12 Dec 2017 11:04:41 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <n23TMECLfEF.A.IWB.If7LaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1 security AT debian.org
https://www.debian.org/security/ Michael Gilbert
December 12, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
CVE-2017-15427

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407

Ned Williamson discovered an out-of-bounds write issue.

CVE-2017-15408

Ke Liu discovered a heap overflow issue in the pdfium library.

CVE-2017-15409

An out-of-bounds write issue was discovered in the skia library.

CVE-2017-15410

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15411

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15413

Gaurav Dewan discovered a type confusion issue.

CVE-2017-15415

Viktor Brange discovered an information disclosure issue.

CVE-2017-15416

Ned Williamson discovered an out-of-bounds read issue.

CVE-2017-15417

Max May discovered an information disclosure issue in the skia
library.

CVE-2017-15418

Kushal Arvind Shah discovered an uninitialized value in the skia
library.

CVE-2017-15419

Jun Kokatsu discoved an information disclosure issue.

CVE-2017-15420

WenXu Wu discovered a URL spoofing issue.

CVE-2017-15423

Greg Hudson discovered an issue in the boringssl library.

CVE-2017-15424

Khalil Zhani discovered a URL spoofing issue.

CVE-2017-15425

xisigr discovered a URL spoofing issue.

CVE-2017-15426

WenXu Wu discovered a URL spoofing issue.

CVE-2017-15427

Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in
version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlovt/gACgkQuNayzQLW
9HNCpB//Se2Sq0zIXpibz/22YXknmUdQ9nnjsNUVDhc92r9HyGzU2Icn+WwGh8aH
kg4tNk3tzE4Gf8qxpU3z3Z/KcyJURX1ZZZBxLJrLzU4xPY2ynCrOXzSTsgejBkAw
gEfbyXHD0dJefdqHTmu1fquAg9OBKokMpf5HOJhUHe12erMjMTin+Su8DAUvE4Uq
J0+hWJAPaeNKsml0bVSEshZBoaeqI6DxcA5tIQLaektlCG9BaxOriS6NXxf3v7TT
r16Erb1PQq8CIdl36r9wMl3xqkDYcxJmsn88is7RxcG4W58FfCc0Bvaeqp5+ygGT
RC+aN8+rNj8dTequVVBtyRhUY21GsggWWTkbJCu6dN1QcB7sAHcgtSe50eL+9w5E
Ny2Jaym0UrCSmWvHb1wQZUHzWlogKjsrzuQC9Ces+QQmZbaoop626cKz5YjVQDp5
9NFIkJvFxMgY253mp61HL5nmgdfl1UqWM39mZ1aOOSRVMlw3rVk2cCNCbMVj7IBZ
3IuiEJ25pzo4fUE1gXMsGnHhn7Ppa8vCd8mfw9mzUTg6OY036O6Gzu4ljE6AF8z0
6rzKqzu0y4YckhWZz3XFH1TTkENXZbQCp1EmiwmOfLWGgG+sz15DwL8yk4LkNLts
yqrH+XStq4B4D9hLLHw1ccmwsweRW9gychBVJIBb8mYhxK9BIvE5XGYL0Xol+SbR
nKMNgswkM0KuiJO49jM4biP1GLFoU4LIT+vG7f/cfAbkPMAS6DLKzeFyMUnvOzn5
QFnJh3o2I62q21384svr0/WMbL1xzLQANRreSZLI45Ou1sUNraFgCR7m6Xnwr1T+
A5upVEitlzWR/EcIODNghrZbgtBAzGjLLAmHxmuXJhjb84LqXrp0EtKx+oQJvapE
3tkgCa308EDQEDqbRMEeaZcj3y3C2rGK8h95j4HBKjEfAPD2nx9D4kPZI36awM23
xX0QBA18VvG7TRTVgCv9nzXvzTFA8Fl5WHc5SAa+aKVlWvY9aZiTseSUZsoF9lYW
nC6HUydTSoEZxjcH66l1upVfgctz/7yhhiKpeMx3ScunGnIpkCv3lHqMQmH6vasl
Hce8vsQ78yPPHD5CLGp1QaailFeNw/X5ybMm2v/uGAkLWfXRaeW9ArM/ZYRpBltF
DeFXbKFhNo+5tdCsFyIZ+oSswMhwwfrCXlP9tlKqcwBxfAYhHQOu4Lh/VFXbB6wW
dz4aLG//Hx5Bj8qX4TEAv4T/dwnihPmGpodskFXU8oCvnEPWxmjRLAlBoWwiUhL3
L0FhUnql8v3z33ebJRnaE89CxpAeBn8WQrxeQJBfzx/6ZJS4wGe5S89IanrYHgx0
M2MFwAOexKQpMEwDU/reyyOTZsHDAQ==
=66jZ
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 4064-1] chromium-browser security update, Michael Gilbert, 12.12.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang