Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities
Date: Sat, 12 Mar 2016 12:17:02
Message-Id: 56E407AC.2080609@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201603-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium: Multiple vulnerabilities
9 Date: March 12, 2016
10 Bugs: #555640, #559384, #561448, #563098, #565510, #567308,
11 #567870, #568396, #572542, #574416, #575434, #576354, #576858
12 ID: 201603-09
13
14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16 Synopsis
17 ========
18
19 Multiple vulnerabilities have been found in the Chromium web browser,
20 the worst of which allows remote attackers to execute arbitrary code.
21
22 Background
23 ==========
24
25 Chromium is an open-source browser project that aims to build a safer,
26 faster, and more stable way for all users to experience the web.
27
28 Affected packages
29 =================
30
31 -------------------------------------------------------------------
32 Package / Vulnerable / Unaffected
33 -------------------------------------------------------------------
34 1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in the Chromium web
40 browser. Please review the CVE identifiers referenced below for
41 details.
42
43 Impact
44 ======
45
46 A remote attacker could possibly execute arbitrary code with the
47 privileges of the process, cause a Denial of Service condition, obtain
48 sensitive information, or bypass security restrictions.
49
50 Workaround
51 ==========
52
53 There is no known workaround at this time.
54
55 Resolution
56 ==========
57
58 All Chromium users should upgrade to the latest version:
59
60 # emerge --sync
61 # emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87"
62
63 References
64 ==========
65
66 [ 1 ] CVE-2015-1270
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270
68 [ 2 ] CVE-2015-1271
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271
70 [ 3 ] CVE-2015-1272
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272
72 [ 4 ] CVE-2015-1273
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273
74 [ 5 ] CVE-2015-1274
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274
76 [ 6 ] CVE-2015-1275
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275
78 [ 7 ] CVE-2015-1276
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276
80 [ 8 ] CVE-2015-1277
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277
82 [ 9 ] CVE-2015-1278
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278
84 [ 10 ] CVE-2015-1279
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279
86 [ 11 ] CVE-2015-1280
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280
88 [ 12 ] CVE-2015-1281
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281
90 [ 13 ] CVE-2015-1282
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282
92 [ 14 ] CVE-2015-1283
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283
94 [ 15 ] CVE-2015-1284
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284
96 [ 16 ] CVE-2015-1285
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285
98 [ 17 ] CVE-2015-1286
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286
100 [ 18 ] CVE-2015-1287
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287
102 [ 19 ] CVE-2015-1288
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288
104 [ 20 ] CVE-2015-1289
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289
106 [ 21 ] CVE-2015-1291
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291
108 [ 22 ] CVE-2015-1292
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292
110 [ 23 ] CVE-2015-1293
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293
112 [ 24 ] CVE-2015-1294
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294
114 [ 25 ] CVE-2015-1295
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295
116 [ 26 ] CVE-2015-1296
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296
118 [ 27 ] CVE-2015-1297
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297
120 [ 28 ] CVE-2015-1298
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298
122 [ 29 ] CVE-2015-1299
123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299
124 [ 30 ] CVE-2015-1300
125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300
126 [ 31 ] CVE-2015-1302
127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302
128 [ 32 ] CVE-2015-1303
129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303
130 [ 33 ] CVE-2015-1304
131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304
132 [ 34 ] CVE-2015-6755
133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755
134 [ 35 ] CVE-2015-6756
135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756
136 [ 36 ] CVE-2015-6757
137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757
138 [ 37 ] CVE-2015-6758
139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758
140 [ 38 ] CVE-2015-6759
141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759
142 [ 39 ] CVE-2015-6760
143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760
144 [ 40 ] CVE-2015-6761
145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761
146 [ 41 ] CVE-2015-6762
147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762
148 [ 42 ] CVE-2015-6763
149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763
150 [ 43 ] CVE-2015-6764
151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764
152 [ 44 ] CVE-2015-6765
153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765
154 [ 45 ] CVE-2015-6766
155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766
156 [ 46 ] CVE-2015-6767
157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767
158 [ 47 ] CVE-2015-6768
159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768
160 [ 48 ] CVE-2015-6769
161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769
162 [ 49 ] CVE-2015-6770
163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770
164 [ 50 ] CVE-2015-6771
165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771
166 [ 51 ] CVE-2015-6772
167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772
168 [ 52 ] CVE-2015-6773
169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773
170 [ 53 ] CVE-2015-6774
171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774
172 [ 54 ] CVE-2015-6775
173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775
174 [ 55 ] CVE-2015-6776
175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776
176 [ 56 ] CVE-2015-6777
177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777
178 [ 57 ] CVE-2015-6778
179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778
180 [ 58 ] CVE-2015-6779
181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779
182 [ 59 ] CVE-2015-6780
183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780
184 [ 60 ] CVE-2015-6781
185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781
186 [ 61 ] CVE-2015-6782
187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782
188 [ 62 ] CVE-2015-6783
189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783
190 [ 63 ] CVE-2015-6784
191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784
192 [ 64 ] CVE-2015-6785
193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785
194 [ 65 ] CVE-2015-6786
195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786
196 [ 66 ] CVE-2015-6787
197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787
198 [ 67 ] CVE-2015-6788
199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788
200 [ 68 ] CVE-2015-6789
201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789
202 [ 69 ] CVE-2015-6790
203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790
204 [ 70 ] CVE-2015-6791
205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791
206 [ 71 ] CVE-2015-6792
207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792
208 [ 72 ] CVE-2015-8126
209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126
210 [ 73 ] CVE-2016-1612
211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612
212 [ 74 ] CVE-2016-1613
213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613
214 [ 75 ] CVE-2016-1614
215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614
216 [ 76 ] CVE-2016-1615
217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615
218 [ 77 ] CVE-2016-1616
219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616
220 [ 78 ] CVE-2016-1617
221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617
222 [ 79 ] CVE-2016-1618
223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618
224 [ 80 ] CVE-2016-1619
225 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619
226 [ 81 ] CVE-2016-1620
227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620
228 [ 82 ] CVE-2016-1621
229 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621
230 [ 83 ] CVE-2016-1622
231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622
232 [ 84 ] CVE-2016-1623
233 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623
234 [ 85 ] CVE-2016-1624
235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624
236 [ 86 ] CVE-2016-1625
237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625
238 [ 87 ] CVE-2016-1626
239 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626
240 [ 88 ] CVE-2016-1627
241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627
242 [ 89 ] CVE-2016-1628
243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628
244 [ 90 ] CVE-2016-1629
245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629
246 [ 91 ] CVE-2016-1630
247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630
248 [ 92 ] CVE-2016-1631
249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631
250 [ 93 ] CVE-2016-1632
251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632
252 [ 94 ] CVE-2016-1633
253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633
254 [ 95 ] CVE-2016-1634
255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634
256 [ 96 ] CVE-2016-1635
257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635
258 [ 97 ] CVE-2016-1636
259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636
260 [ 98 ] CVE-2016-1637
261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637
262 [ 99 ] CVE-2016-1638
263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638
264 [ 100 ] CVE-2016-1639
265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639
266 [ 101 ] CVE-2016-1640
267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640
268 [ 102 ] CVE-2016-1641
269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641
270
271 Availability
272 ============
273
274 This GLSA and any updates to it are available for viewing at
275 the Gentoo Security Website:
276
277 https://security.gentoo.org/glsa/201603-09
278
279 Concerns?
280 =========
281
282 Security is a primary focus of Gentoo Linux and ensuring the
283 confidentiality and security of our users' machines is of utmost
284 importance to us. Any security concerns should be addressed to
285 security@g.o or alternatively, you may file a bug at
286 https://bugs.gentoo.org.
287
288 License
289 =======
290
291 Copyright 2016 Gentoo Foundation, Inc; referenced text
292 belongs to its owner(s).
293
294 The contents of this document are licensed under the
295 Creative Commons - Attribution / Share Alike license.
296
297 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups