Home / mailings [gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities
Posted on 12 March 2016
Gentoo-announceThis is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--6Fl6NVlr0hla9PtildCthXREMPXCV7o9I
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #555640, #559384, #561448, #563098, #565510, #567308,
#567870, #568396, #572542, #574416, #575434, #576354, #576858
ID: 201603-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87"
References
==========
[ 1 ] CVE-2015-1270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270
[ 2 ] CVE-2015-1271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271
[ 3 ] CVE-2015-1272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272
[ 4 ] CVE-2015-1273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273
[ 5 ] CVE-2015-1274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274
[ 6 ] CVE-2015-1275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275
[ 7 ] CVE-2015-1276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276
[ 8 ] CVE-2015-1277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277
[ 9 ] CVE-2015-1278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278
[ 10 ] CVE-2015-1279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279
[ 11 ] CVE-2015-1280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280
[ 12 ] CVE-2015-1281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281
[ 13 ] CVE-2015-1282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282
[ 14 ] CVE-2015-1283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283
[ 15 ] CVE-2015-1284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284
[ 16 ] CVE-2015-1285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285
[ 17 ] CVE-2015-1286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286
[ 18 ] CVE-2015-1287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287
[ 19 ] CVE-2015-1288
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288
[ 20 ] CVE-2015-1289
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289
[ 21 ] CVE-2015-1291
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291
[ 22 ] CVE-2015-1292
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292
[ 23 ] CVE-2015-1293
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293
[ 24 ] CVE-2015-1294
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294
[ 25 ] CVE-2015-1295
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295
[ 26 ] CVE-2015-1296
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296
[ 27 ] CVE-2015-1297
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297
[ 28 ] CVE-2015-1298
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298
[ 29 ] CVE-2015-1299
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299
[ 30 ] CVE-2015-1300
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300
[ 31 ] CVE-2015-1302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302
[ 32 ] CVE-2015-1303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303
[ 33 ] CVE-2015-1304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304
[ 34 ] CVE-2015-6755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755
[ 35 ] CVE-2015-6756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756
[ 36 ] CVE-2015-6757
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757
[ 37 ] CVE-2015-6758
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758
[ 38 ] CVE-2015-6759
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759
[ 39 ] CVE-2015-6760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760
[ 40 ] CVE-2015-6761
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761
[ 41 ] CVE-2015-6762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762
[ 42 ] CVE-2015-6763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763
[ 43 ] CVE-2015-6764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764
[ 44 ] CVE-2015-6765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765
[ 45 ] CVE-2015-6766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766
[ 46 ] CVE-2015-6767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767
[ 47 ] CVE-2015-6768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768
[ 48 ] CVE-2015-6769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769
[ 49 ] CVE-2015-6770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770
[ 50 ] CVE-2015-6771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771
[ 51 ] CVE-2015-6772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772
[ 52 ] CVE-2015-6773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773
[ 53 ] CVE-2015-6774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774
[ 54 ] CVE-2015-6775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775
[ 55 ] CVE-2015-6776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776
[ 56 ] CVE-2015-6777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777
[ 57 ] CVE-2015-6778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778
[ 58 ] CVE-2015-6779
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779
[ 59 ] CVE-2015-6780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780
[ 60 ] CVE-2015-6781
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781
[ 61 ] CVE-2015-6782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782
[ 62 ] CVE-2015-6783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783
[ 63 ] CVE-2015-6784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784
[ 64 ] CVE-2015-6785
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785
[ 65 ] CVE-2015-6786
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786
[ 66 ] CVE-2015-6787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787
[ 67 ] CVE-2015-6788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788
[ 68 ] CVE-2015-6789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789
[ 69 ] CVE-2015-6790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790
[ 70 ] CVE-2015-6791
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791
[ 71 ] CVE-2015-6792
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792
[ 72 ] CVE-2015-8126
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126
[ 73 ] CVE-2016-1612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612
[ 74 ] CVE-2016-1613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613
[ 75 ] CVE-2016-1614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614
[ 76 ] CVE-2016-1615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615
[ 77 ] CVE-2016-1616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616
[ 78 ] CVE-2016-1617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617
[ 79 ] CVE-2016-1618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618
[ 80 ] CVE-2016-1619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619
[ 81 ] CVE-2016-1620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620
[ 82 ] CVE-2016-1621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621
[ 83 ] CVE-2016-1622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622
[ 84 ] CVE-2016-1623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623
[ 85 ] CVE-2016-1624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624
[ 86 ] CVE-2016-1625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625
[ 87 ] CVE-2016-1626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626
[ 88 ] CVE-2016-1627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627
[ 89 ] CVE-2016-1628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628
[ 90 ] CVE-2016-1629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629
[ 91 ] CVE-2016-1630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630
[ 92 ] CVE-2016-1631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631
[ 93 ] CVE-2016-1632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632
[ 94 ] CVE-2016-1633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633
[ 95 ] CVE-2016-1634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634
[ 96 ] CVE-2016-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635
[ 97 ] CVE-2016-1636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636
[ 98 ] CVE-2016-1637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637
[ 99 ] CVE-2016-1638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638
[ 100 ] CVE-2016-1639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639
[ 101 ] CVE-2016-1640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640
[ 102 ] CVE-2016-1641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--6Fl6NVlr0hla9PtildCthXREMPXCV7o9I
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"