Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201709-15 ] Chromium: Multiple vulnerabilities
Date: Sun, 24 Sep 2017 15:38:23
Message-Id: 2073067.ksnnsABYUa@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: September 24, 2017
Bugs: #626382, #630068
ID: 201709-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium, the worst of
which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

-------------------------------------------------------------------
     Package              /     Vulnerable     /        Unaffected
-------------------------------------------------------------------
  1  www-client/chromium      < 61.0.3163.79       >= 61.0.3163.79

Description
===========

Multiple vulnerabilities have been discovered in Chromium. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass security restrictions, or spoof content.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-61.0.3163.79"
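
To confirm whether a host still carries a version in the vulnerable range,
the following added example (not part of the advisory) compares installed
www-client/chromium versions against the fixed version given above. The
function names are hypothetical, and /var/db/pkg is assumed as the location
of the Portage installed-package database.

```shell
#!/bin/sh
# Added example: classify www-client/chromium versions against GLSA 201709-15.
# FIXED is the boundary from the advisory; function names are hypothetical.
FIXED="61.0.3163.79"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Components are compared as numbers, so 61.0.3163.100 is NOT below
# 61.0.3163.79 (a plain string comparison would get this wrong).
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# glsa_status PV: print "vulnerable" or "unaffected" for a version such as
# "60.0.3112.113" or "61.0.3163.79-r1". A Gentoo -rN revision suffix is
# dropped, since the advisory's boundary carries no revision.
glsa_status() {
    pv=${1%-r[0-9]*}
    if ver_lt "$pv" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# check_installed [VDB]: report every www-client/chromium version recorded
# in the installed-package database (assumed default: /var/db/pkg).
check_installed() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/www-client/chromium-[0-9]*; do
        [ -d "$d" ] || continue          # no match, or not a package dir
        pv=${d##*/chromium-}
        echo "www-client/chromium-$pv: $(glsa_status "$pv")"
    done
}

check_installed
```

Any line reported as "vulnerable" means the upgrade commands above have not
yet taken effect on that host.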

References
==========

[ 1 ] CVE-2017-5091
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5091
[ 2 ] CVE-2017-5092
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5092
[ 3 ] CVE-2017-5093
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5093
[ 4 ] CVE-2017-5094
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5094
[ 5 ] CVE-2017-5095
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5095
[ 6 ] CVE-2017-5096
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5096
[ 7 ] CVE-2017-5097
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5097
[ 8 ] CVE-2017-5098
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5098
[ 9 ] CVE-2017-5099
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5099
[ 10 ] CVE-2017-5100
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5100
[ 11 ] CVE-2017-5101
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5101
[ 12 ] CVE-2017-5102
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5102
[ 13 ] CVE-2017-5103
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5103
[ 14 ] CVE-2017-5104
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5104
[ 15 ] CVE-2017-5105
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5105
[ 16 ] CVE-2017-5106
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5106
[ 17 ] CVE-2017-5107
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5107
[ 18 ] CVE-2017-5108
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5108
[ 19 ] CVE-2017-5109
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5109
[ 20 ] CVE-2017-5110
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5110
[ 21 ] CVE-2017-5111
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5111
[ 22 ] CVE-2017-5112
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5112
[ 23 ] CVE-2017-5113
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5113
[ 24 ] CVE-2017-5114
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5114
[ 25 ] CVE-2017-5115
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5115
[ 26 ] CVE-2017-5116
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5116
[ 27 ] CVE-2017-5117
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5117
[ 28 ] CVE-2017-5118
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5118
[ 29 ] CVE-2017-5119
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5119
[ 30 ] CVE-2017-5120
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5120
[ 31 ] CVE-2017-7000
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7000

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
