Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201610-09 ] Chromium: Multiple vulnerabilities
Date: Sat, 29 Oct 2016 13:17:07
Message-Id: d14ccf38-8237-9353-f679-c38c136964e1@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201610-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: October 29, 2016
     Bugs: #589278, #590420, #592630, #593708, #595614, #597016
       ID: 201610-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 54.0.2840.59           >= 54.0.2840.59

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-54.0.2840.59"

References
==========

[ 1 ] CVE-2016-5127
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127
[ 2 ] CVE-2016-5128
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128
[ 3 ] CVE-2016-5129
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129
[ 4 ] CVE-2016-5130
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130
[ 5 ] CVE-2016-5131
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
[ 6 ] CVE-2016-5132
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132
[ 7 ] CVE-2016-5133
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133
[ 8 ] CVE-2016-5134
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134
[ 9 ] CVE-2016-5135
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135
[ 10 ] CVE-2016-5136
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136
[ 11 ] CVE-2016-5137
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137
[ 12 ] CVE-2016-5138
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138
[ 13 ] CVE-2016-5139
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139
[ 14 ] CVE-2016-5140
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140
[ 15 ] CVE-2016-5141
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141
[ 16 ] CVE-2016-5142
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142
[ 17 ] CVE-2016-5143
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143
[ 18 ] CVE-2016-5144
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144
[ 19 ] CVE-2016-5145
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145
[ 20 ] CVE-2016-5146
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146
[ 21 ] CVE-2016-5147
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147
[ 22 ] CVE-2016-5148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148
[ 23 ] CVE-2016-5149
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149
[ 24 ] CVE-2016-5150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150
[ 25 ] CVE-2016-5151
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151
[ 26 ] CVE-2016-5152
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152
[ 27 ] CVE-2016-5153
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153
[ 28 ] CVE-2016-5154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154
[ 29 ] CVE-2016-5155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155
[ 30 ] CVE-2016-5156
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156
[ 31 ] CVE-2016-5157
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157
[ 32 ] CVE-2016-5158
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158
[ 33 ] CVE-2016-5159
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159
[ 34 ] CVE-2016-5160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160
[ 35 ] CVE-2016-5161
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161
[ 36 ] CVE-2016-5162
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162
[ 37 ] CVE-2016-5163
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163
[ 38 ] CVE-2016-5164
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164
[ 39 ] CVE-2016-5165
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165
[ 40 ] CVE-2016-5166
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166
[ 41 ] CVE-2016-5167
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167
[ 42 ] CVE-2016-5170
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170
[ 43 ] CVE-2016-5171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171
[ 44 ] CVE-2016-5172
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172
[ 45 ] CVE-2016-5173
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173
[ 46 ] CVE-2016-5174
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174
[ 47 ] CVE-2016-5175
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175
[ 48 ] CVE-2016-5177
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177
[ 49 ] CVE-2016-5178
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178
[ 50 ] CVE-2016-5181
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181
[ 51 ] CVE-2016-5182
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182
[ 52 ] CVE-2016-5183
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183
[ 53 ] CVE-2016-5184
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184
[ 54 ] CVE-2016-5185
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185
[ 55 ] CVE-2016-5186
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186
[ 56 ] CVE-2016-5187
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187
[ 57 ] CVE-2016-5188
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188
[ 58 ] CVE-2016-5189
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189
[ 59 ] CVE-2016-5190
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190
[ 60 ] CVE-2016-5191
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191
[ 61 ] CVE-2016-5192
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192
[ 62 ] CVE-2016-5193
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193
[ 63 ] CVE-2016-5194
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201610-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature