Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201706-20 ] Chromium: Multiple vulnerabilities
Date: Tue, 20 Jun 2017 19:06:26
Message-Id: 260f875b-23e9-69b6-01f1-598d03c25dd6@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201706-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: June 20, 2017
     Bugs: #617504, #620956, #621886
       ID: 201706-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium      < 59.0.3071.104         >= 59.0.3071.104

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass security restrictions or spoof content.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-59.0.3071.104"
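
To check a host against the affected range before or after upgrading, the following added example (not part of the advisory) classifies a Chromium version against the fixed version from the table above. The function names and the sample versions are constructed for illustration, and the lookup of the installed version assumes `portageq` is available on the host.

```shell
#!/bin/sh
# First unaffected version, from the "Affected packages" table of this GLSA.
FIXED_VERSION="59.0.3071.104"

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Assumes purely numeric components (true for Chromium); a Gentoo "-rN"
# revision suffix is dropped before comparing.
ver_lt() {
    a=${1%-r[0-9]*}
    b=${2%-r[0-9]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Compare numerically so that 86 < 104 (a string compare gets this wrong).
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1    # equal versions are not "lower"
}

# glsa_status VERSION: print how this GLSA classifies a chromium version.
glsa_status() {
    if ver_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo unaffected; fi
}

# installed_chromium_version: print the installed version, or nothing when
# portageq is unavailable or the package is not installed.
installed_chromium_version() {
    command -v portageq >/dev/null 2>&1 || return 0
    pkg=$(portageq best_version / www-client/chromium 2>/dev/null) || return 0
    echo "${pkg#www-client/chromium-}"
}

# Constructed sample versions first, then the local host if it runs Portage.
for v in 58.0.3029.110 59.0.3071.86 59.0.3071.104 59.0.3071.104-r1 60.0.3112.78; do
    printf '%-18s %s\n' "$v" "$(glsa_status "$v")"
done
v=$(installed_chromium_version)
if [ -n "$v" ]; then
    printf 'installed %s: %s\n' "$v" "$(glsa_status "$v")"
fi
```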

References
==========

[ 1 ] CVE-2017-5068
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5068
[ 2 ] CVE-2017-5070
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5070
[ 3 ] CVE-2017-5071
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5071
[ 4 ] CVE-2017-5072
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5072
[ 5 ] CVE-2017-5073
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5073
[ 6 ] CVE-2017-5074
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5074
[ 7 ] CVE-2017-5075
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5075
[ 8 ] CVE-2017-5076
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5076
[ 9 ] CVE-2017-5077
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5077
[ 10 ] CVE-2017-5078
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5078
[ 11 ] CVE-2017-5079
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5079
[ 12 ] CVE-2017-5080
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5080
[ 13 ] CVE-2017-5081
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5081
[ 14 ] CVE-2017-5082
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5082
[ 15 ] CVE-2017-5083
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5083
[ 16 ] CVE-2017-5084
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5084
[ 17 ] CVE-2017-5085
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5085
[ 18 ] CVE-2017-5086
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5086
[ 19 ] CVE-2017-5087
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5087
[ 20 ] CVE-2017-5088
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5088
[ 21 ] CVE-2017-5089
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5089

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201706-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature