Message-Id: <E1ajevv-0000Lo-Ej@alpha.psidef.org>
Date: Sat, 26 Mar 2016 03:30:39 +0000
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3531-1] chromium-browser security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-3531-1                   security@...ian.org
https://www.debian.org/security/                          Michael Gilbert
March 25, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1646 CVE-2016-1647 CVE-2016-1648 CVE-2016-1649
                 CVE-2016-1650

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1646

    Wen Xu discovered an out-of-bounds read issue in the v8 library.

CVE-2016-1647

    A use-after-free issue was discovered.

CVE-2016-1648

    A use-after-free issue was discovered in the handling of extensions.

CVE-2016-1649

    lokihardt discovered a buffer overflow issue in the Almost Native
    Graphics Layer Engine (ANGLE) library.

CVE-2016-1650

    The chrome development team found and fixed various issues during
    internal auditing.  Also multiple issues were fixed in the v8
    javascript library, version 4.9.385.33.

For the stable distribution (jessie), these problems have been fixed in
version 49.0.2623.108-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 49.0.2623.108-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
