Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Yury German <blueknight@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201506-04 ] Chromium: Multiple vulnerabilities
Date: Tue, 23 Jun 2015 03:58:07
Message-Id: 5588D85D.30907@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201506-04
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium: Multiple vulnerabilities
9 Date: June 23, 2015
10 Bugs: #545300, #546728, #548108, #549944
11 ID: 201506-04
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been fixed in Chromium, the worst of
19 which can cause arbitrary remote code execution.
20
21 Background
22 ==========
23
24 Chromium is an open-source web browser project.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 www-client/chromium < 43.0.2357.65 >= 43.0.2357.65
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in Chromium. Please
38 review the CVE identifiers referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker can cause arbitrary remote code execution, Denial of
44 Service or bypass of security mechanisms.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All Chromium users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot -v ">=www-client/chromium-43.0.2357.65"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2015-1233
63 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1233
64 [ 2 ] CVE-2015-1234
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1234
66 [ 3 ] CVE-2015-1235
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1235
68 [ 4 ] CVE-2015-1236
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1236
70 [ 5 ] CVE-2015-1237
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1237
72 [ 6 ] CVE-2015-1238
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1238
74 [ 7 ] CVE-2015-1240
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1240
76 [ 8 ] CVE-2015-1241
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1241
78 [ 9 ] CVE-2015-1242
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1242
80 [ 10 ] CVE-2015-1243
81 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1243
82 [ 11 ] CVE-2015-1244
83 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1244
84 [ 12 ] CVE-2015-1245
85 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1245
86 [ 13 ] CVE-2015-1246
87 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1246
88 [ 14 ] CVE-2015-1247
89 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1247
90 [ 15 ] CVE-2015-1248
91 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1248
92 [ 16 ] CVE-2015-1250
93 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1250
94 [ 17 ] CVE-2015-1251
95 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1251
96 [ 18 ] CVE-2015-1252
97 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1252
98 [ 19 ] CVE-2015-1253
99 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1253
100 [ 20 ] CVE-2015-1254
101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1254
102 [ 21 ] CVE-2015-1255
103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1255
104 [ 22 ] CVE-2015-1256
105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1256
106 [ 23 ] CVE-2015-1257
107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1257
108 [ 24 ] CVE-2015-1258
109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1258
110 [ 25 ] CVE-2015-1259
111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1259
112 [ 26 ] CVE-2015-1260
113 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1260
114 [ 27 ] CVE-2015-1262
115 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1262
116 [ 28 ] CVE-2015-1263
117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1263
118 [ 29 ] CVE-2015-1264
119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1264
120 [ 30 ] CVE-2015-1265
121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1265
122
123 Availability
124 ============
125
126 This GLSA and any updates to it are available for viewing at
127 the Gentoo Security Website:
128
129 https://security.gentoo.org/glsa/201506-04
130
131 Concerns?
132 =========
133
134 Security is a primary focus of Gentoo Linux and ensuring the
135 confidentiality and security of our users' machines is of utmost
136 importance to us. Any security concerns should be addressed to
137 security@g.o or alternatively, you may file a bug at
138 https://bugs.gentoo.org.
139
140 License
141 =======
142
143 Copyright 2015 Gentoo Foundation, Inc; referenced text
144 belongs to its owner(s).
145
146 The contents of this document are licensed under the
147 Creative Commons - Attribution / Share Alike license.
148
149 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups