Home / mailings [gentoo-announce] [ GLSA 201607-07 ] Chromium: Multiple vulnerabilities
Posted on 16 July 2016
Gentoo-announceThis is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: multipart/mixed; boundary="PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt"
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <6133c6a5-470b-c7d5-dece-87dcb02dae44@gentoo.org>
Subject: [ GLSA 201607-07 ] Chromium: Multiple vulnerabilities
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt
Content-Type: multipart/alternative;
boundary="------------2A20565CD03AE71546765F80"
This is a multi-part message in MIME format.
--------------2A20565CD03AE71546765F80
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704.103
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-51.0.2704.103"
References
==========
[ 1 ] CVE-2016-1672
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1672
[ 2 ] CVE-2016-1673
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1673
[ 3 ] CVE-2016-1674
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1674
[ 4 ] CVE-2016-1675
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1675
[ 5 ] CVE-2016-1676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1676
[ 6 ] CVE-2016-1677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1677
[ 7 ] CVE-2016-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1678
[ 8 ] CVE-2016-1679
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1679
[ 9 ] CVE-2016-1680
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1680
[ 10 ] CVE-2016-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1681
[ 11 ] CVE-2016-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1682
[ 12 ] CVE-2016-1683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1683
[ 13 ] CVE-2016-1684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1684
[ 14 ] CVE-2016-1685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1685
[ 15 ] CVE-2016-1686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1686
[ 16 ] CVE-2016-1687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1687
[ 17 ] CVE-2016-1688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1688
[ 18 ] CVE-2016-1689
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1689
[ 19 ] CVE-2016-1690
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1690
[ 20 ] CVE-2016-1691
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1691
[ 21 ] CVE-2016-1692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1692
[ 22 ] CVE-2016-1693
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1693
[ 23 ] CVE-2016-1694
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1694
[ 24 ] CVE-2016-1695
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1695
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------2A20565CD03AE71546765F80
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf=-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>
<meta http-equiv="content-type" content="text/html; charset=u=tf-8">
</p>
<pre style="color: rgb(0, 0, 0); font-style: normal; font-variant: =normal; font-weight: normal; letter-spacing: normal; line-height: normal;= orphans: auto; text-align: start; text-indent: 0px; text-transform: none=; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap=: break-word; white-space: pre-wrap;">- - - - - - - - - - - - - - - - - -= - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<a class="moz-txt-link-freet=ext" href="https://security.gentoo.org/">https://security.gentoo.org/</=a>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: July 16, 2016
Bugs: #584310, #586704
ID: 201607-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 51.0.2704.103 >= 51.0.2704==2E103
Description
===========
Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-51.0.2704.103"
References
==========
[ 1 ] CVE-2016-1672
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1672">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1672</a>
[ 2 ] CVE-2016-1673
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1673">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1673</a>
[ 3 ] CVE-2016-1674
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1674">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1674</a>
[ 4 ] CVE-2016-1675
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1675">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1675</a>
[ 5 ] CVE-2016-1676
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1676">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1676</a>
[ 6 ] CVE-2016-1677
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1677">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1677</a>
[ 7 ] CVE-2016-1678
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1678">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1678</a>
[ 8 ] CVE-2016-1679
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1679">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1679</a>
[ 9 ] CVE-2016-1680
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1680">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1680</a>
[ 10 ] CVE-2016-1681
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1681">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1681</a>
[ 11 ] CVE-2016-1682
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1682">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1682</a>
[ 12 ] CVE-2016-1683
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1683">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1683</a>
[ 13 ] CVE-2016-1684
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1684">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1684</a>
[ 14 ] CVE-2016-1685
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1685">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1685</a>
[ 15 ] CVE-2016-1686
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1686">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1686</a>
[ 16 ] CVE-2016-1687
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1687">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1687</a>
[ 17 ] CVE-2016-1688
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1688">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1688</a>
[ 18 ] CVE-2016-1689
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1689">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1689</a>
[ 19 ] CVE-2016-1690
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1690">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1690</a>
[ 20 ] CVE-2016-1691
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1691">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1691</a>
[ 21 ] CVE-2016-1692
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1692">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1692</a>
[ 22 ] CVE-2016-1693
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1693">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1693</a>
[ 23 ] CVE-2016-1694
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1694">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1694</a>
[ 24 ] CVE-2016-1695
<a class="moz-txt-link-freetext" href="http://nvd.nist.gov/nvd==2Ecfm?cvename=CVE-2016-1695">http://nvd.nist.gov/nvd.cfm?cvename=CVE=-2016-1695</a>
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
<a class="moz-txt-link-freetext" href="https://security.gentoo.org/g=lsa/201607-07">https://security.gentoo.org/glsa/201607-07</a>
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
<a class="moz-txt-link-abbreviated" href="mailto:security@gentoo.org"=>security@gentoo.org</a> or alternatively, you may file a bug at
<a class="moz-txt-link-freetext" href="https://bugs.gentoo.org">https=://bugs.gentoo.org</a>.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
<a class="moz-txt-link-freetext" href="http://creativecommons.org/lic=enses/by-sa/2.5">http://creativecommons.org/licenses/by-sa/2.5</a></pre>
</body>
</html>
--------------2A20565CD03AE71546765F80--
--PAnEsJ5p6UPR2AhUNBEJNAXxhPCbFJUwt--
--tprlhdI88VDqu8BU75BF5wK9Fi3ITW5vB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
