lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 12 Dec 2017 06:03:56 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4064-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1                   security@...ian.org
https://www.debian.org/security/                          Michael Gilbert
December 12, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
                 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
                 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
                 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
                 CVE-2017-15427

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407

    Ned Williamson discovered an out-of-bounds write issue.

CVE-2017-15408

    Ke Liu discovered a heap overflow issue in the pdfium library.

CVE-2017-15409

    An out-of-bounds write issue was discovered in the skia library.

CVE-2017-15410

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15411

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15413

    Gaurav Dewan discovered a type confusion issue.

CVE-2017-15415

    Viktor Brange discovered an information disclosure issue.

CVE-2017-15416

    Ned Williamson discovered an out-of-bounds read issue.

CVE-2017-15417

    Max May discovered an information disclosure issue in the skia
    library.

CVE-2017-15418

    Kushal Arvind Shah discovered an uninitialized value in the skia
    library.

CVE-2017-15419

    Jun Kokatsu discoved an information disclosure issue.

CVE-2017-15420

    WenXu Wu discovered a URL spoofing issue.

CVE-2017-15423

    Greg Hudson discovered an issue in the boringssl library.

CVE-2017-15424

    Khalil Zhani discovered a URL spoofing issue.

CVE-2017-15425

    xisigr discovered a URL spoofing issue.

CVE-2017-15426

    WenXu Wu discovered a URL spoofing issue.

CVE-2017-15427

    Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in
version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlovt/gACgkQuNayzQLW
9HNCpB//Se2Sq0zIXpibz/22YXknmUdQ9nnjsNUVDhc92r9HyGzU2Icn+WwGh8aH
kg4tNk3tzE4Gf8qxpU3z3Z/KcyJURX1ZZZBxLJrLzU4xPY2ynCrOXzSTsgejBkAw
gEfbyXHD0dJefdqHTmu1fquAg9OBKokMpf5HOJhUHe12erMjMTin+Su8DAUvE4Uq
J0+hWJAPaeNKsml0bVSEshZBoaeqI6DxcA5tIQLaektlCG9BaxOriS6NXxf3v7TT
r16Erb1PQq8CIdl36r9wMl3xqkDYcxJmsn88is7RxcG4W58FfCc0Bvaeqp5+ygGT
RC+aN8+rNj8dTequVVBtyRhUY21GsggWWTkbJCu6dN1QcB7sAHcgtSe50eL+9w5E
Ny2Jaym0UrCSmWvHb1wQZUHzWlogKjsrzuQC9Ces+QQmZbaoop626cKz5YjVQDp5
9NFIkJvFxMgY253mp61HL5nmgdfl1UqWM39mZ1aOOSRVMlw3rVk2cCNCbMVj7IBZ
3IuiEJ25pzo4fUE1gXMsGnHhn7Ppa8vCd8mfw9mzUTg6OY036O6Gzu4ljE6AF8z0
6rzKqzu0y4YckhWZz3XFH1TTkENXZbQCp1EmiwmOfLWGgG+sz15DwL8yk4LkNLts
yqrH+XStq4B4D9hLLHw1ccmwsweRW9gychBVJIBb8mYhxK9BIvE5XGYL0Xol+SbR
nKMNgswkM0KuiJO49jM4biP1GLFoU4LIT+vG7f/cfAbkPMAS6DLKzeFyMUnvOzn5
QFnJh3o2I62q21384svr0/WMbL1xzLQANRreSZLI45Ou1sUNraFgCR7m6Xnwr1T+
A5upVEitlzWR/EcIODNghrZbgtBAzGjLLAmHxmuXJhjb84LqXrp0EtKx+oQJvapE
3tkgCa308EDQEDqbRMEeaZcj3y3C2rGK8h95j4HBKjEfAPD2nx9D4kPZI36awM23
xX0QBA18VvG7TRTVgCv9nzXvzTFA8Fl5WHc5SAa+aKVlWvY9aZiTseSUZsoF9lYW
nC6HUydTSoEZxjcH66l1upVfgctz/7yhhiKpeMx3ScunGnIpkCv3lHqMQmH6vasl
Hce8vsQ78yPPHD5CLGp1QaailFeNw/X5ybMm2v/uGAkLWfXRaeW9ArM/ZYRpBltF
DeFXbKFhNo+5tdCsFyIZ+oSswMhwwfrCXlP9tlKqcwBxfAYhHQOu4Lh/VFXbB6wW
dz4aLG//Hx5Bj8qX4TEAv4T/dwnihPmGpodskFXU8oCvnEPWxmjRLAlBoWwiUhL3
L0FhUnql8v3z33ebJRnaE89CxpAeBn8WQrxeQJBfzx/6ZJS4wGe5S89IanrYHgx0
M2MFwAOexKQpMEwDU/reyyOTZsHDAQ==
=66jZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ