Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201801-03 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Sun, 07 Jan 2018 23:24:20
Message-Id: 2069448.XMbo7u3WEZ@localhost.localdomain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201801-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: January 07, 2018
     Bugs: #640334, #641376
       ID: 201801-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium         < 63.0.3239.108      >= 63.0.3239.108
  2  www-client/google-chrome    < 63.0.3239.108      >= 63.0.3239.108
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-63.0.3239.108"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-63.0.3239.108"
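
To confirm which hosts still need the upgrade, the following added example (not part of the original advisory or of Gentoo's tooling) checks a list of installed packages against the "Vulnerable" column above. The function names and the sample input are constructed here, and the input is assumed to be one category/package-version atom per line.

```shell
#!/bin/sh
# Added example: flag installed versions in the "Vulnerable" column of GLSA 201801-03.
FIXED="63.0.3239.108"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed if dotted-numeric version A is strictly lower than B.
# Components are compared as integers, so 84 < 108 (a string compare gets this wrong).
# Assumption: plain dotted-numeric versions; suffixes such as _p1 are not handled.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# glsa_affected: read category/package-version atoms on stdin and print those
# the advisory lists as vulnerable.
glsa_affected() {
    while IFS= read -r atom; do
        case $atom in
            www-client/chromium-[0-9]*)      ver=${atom#www-client/chromium-} ;;
            www-client/google-chrome-[0-9]*) ver=${atom#www-client/google-chrome-} ;;
            *) continue ;;
        esac
        ver=${ver%-r[0-9]*}   # drop a Gentoo revision suffix such as -r1
        if ver_lt "$ver" "$FIXED"; then printf '%s\n' "$atom"; fi
    done
}

# Constructed sample input, not taken from a real host.
sample_installed() {
    cat <<'EOF'
www-client/chromium-62.0.3202.94
www-client/google-chrome-63.0.3239.108
www-client/firefox-57.0.4
app-shells/bash-4.4_p12
EOF
}

sample_installed | glsa_affected   # prints www-client/chromium-62.0.3202.94
```

On a Gentoo host the installed-package list can be piped in instead of the sample, for example `qlist -Iv | glsa_affected` (qlist is part of app-portage/portage-utils).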

References
==========

[ 1 ] CVE-2017-15407
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15407
[ 2 ] CVE-2017-15408
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15408
[ 3 ] CVE-2017-15409
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15409
[ 4 ] CVE-2017-15410
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15410
[ 5 ] CVE-2017-15411

Attachments

File name MIME type
signature.asc application/pgp-signature