[gentoo-announce] [ GLSA 201507-18 ] Chromium: Multiple vulnerabilities - gentoo-announce

From:	Mikle Kolyada <zlogene@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201507-18 ] Chromium: Multiple vulnerabilities
Date:	Fri, 10 Jul 2015 13:24:13
Message-Id:	`559FC66B.7010004@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201507-18

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Chromium: Multiple vulnerabilities

9

     Date: July 10, 2015

10

     Bugs: #552904

11

       ID: 201507-18

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Chromium allowing remote

19

attackers to bypass security restrictions.

20

21

Background

22

==========

23

24

Chromium is an open-source web browser project.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  www-client/chromium      < 43.0.2357.130        >= 43.0.2357.130 

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in Chromium. Please

38

review the CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

A remote attacker could bypass security restrictions.

44

45

Workaround

46

==========

47

48

There is no known workaround at this time.

49

50

Resolution

51

==========

52

53

All Chromium users should upgrade to the latest version:

54

55

  # emerge --sync

56

  # emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.130"

57

58

References

59

==========

60

61

[ 1 ] CVE-2015-1266

62

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1266

63

[ 2 ] CVE-2015-1267

64

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1267

65

[ 3 ] CVE-2015-1268

66

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1268

67

[ 4 ] CVE-2015-1269

68

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1269

69

70

Availability

71

============

72

73

This GLSA and any updates to it are available for viewing at

74

the Gentoo Security Website:

75

76

 https://security.gentoo.org/glsa/201507-18

77

78

Concerns?

79

=========

80

81

Security is a primary focus of Gentoo Linux and ensuring the

82

confidentiality and security of our users' machines is of utmost

83

importance to us. Any security concerns should be addressed to

84

security@g.o or alternatively, you may file a bug at

85

https://bugs.gentoo.org.

86

87

License

88

=======

89

90

Copyright 2015 Gentoo Foundation, Inc; referenced text

91

belongs to its owner(s).

92

93

The contents of this document are licensed under the

94

Creative Commons - Attribution / Share Alike license.

95

96

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201507-18
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Chromium: Multiple vulnerabilities
9	Date: July 10, 2015
10	Bugs: #552904
11	ID: 201507-18
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Chromium allowing remote
19	attackers to bypass security restrictions.
20
21	Background
22	==========
23
24	Chromium is an open-source web browser project.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 www-client/chromium < 43.0.2357.130 >= 43.0.2357.130
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in Chromium. Please
38	review the CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	A remote attacker could bypass security restrictions.
44
45	Workaround
46	==========
47
48	There is no known workaround at this time.
49
50	Resolution
51	==========
52
53	All Chromium users should upgrade to the latest version:
54
55	# emerge --sync
56	# emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.130"
57
58	References
59	==========
60
61	[ 1 ] CVE-2015-1266
62	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1266
63	[ 2 ] CVE-2015-1267
64	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1267
65	[ 3 ] CVE-2015-1268
66	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1268
67	[ 4 ] CVE-2015-1269
68	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1269
69
70	Availability
71	============
72
73	This GLSA and any updates to it are available for viewing at
74	the Gentoo Security Website:
75
76	https://security.gentoo.org/glsa/201507-18
77
78	Concerns?
79	=========
80
81	Security is a primary focus of Gentoo Linux and ensuring the
82	confidentiality and security of our users' machines is of utmost
83	importance to us. Any security concerns should be addressed to
84	security@g.o or alternatively, you may file a bug at
85	https://bugs.gentoo.org.
86
87	License
88	=======
89
90	Copyright 2015 Gentoo Foundation, Inc; referenced text
91	belongs to its owner(s).
92
93	The contents of this document are licensed under the
94	Creative Commons - Attribution / Share Alike license.
95
96	http://creativecommons.org/licenses/by-sa/2.5