logo
DATABASE RESOURCES PRICING ABOUT US

[SECURITY] [DSA 3415-1] chromium-browser security update

Description

- ------------------------------------------------------------------------- Debian Security Advisory DSA-3415-1 security@debian.org https://www.debian.org/security/ Michael Gilbert December 09, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766 CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770 CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774 CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778 CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782 CVE-2015-6784 CVE-2015-6785 CVE-2015-6786 Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library. CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2015-6765 A use-after-free issue was discovered in AppCache. CVE-2015-6766 A use-after-free issue was discovered in AppCache. CVE-2015-6767 A use-after-free issue was discovered in AppCache. CVE-2015-6768 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2015-6769 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2015-6770 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2015-6771 An out-of-bounds read issue was discovered in the v8 javascript library. CVE-2015-6772 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2015-6773 cloudfuzzer discovered an out-of-bounds read issue in the skia library. CVE-2015-6774 A use-after-free issue was found in extensions binding. CVE-2015-6775 Atte Kettunen discovered a type confusion issue in the pdfium library. CVE-2015-6776 Hanno Böck dicovered and out-of-bounds access issue in the openjpeg library, which is used by pdfium. CVE-2015-6777 Long Liu found a use-after-free issue. CVE-2015-6778 Karl Skomski found an out-of-bounds read issue in the pdfium library. CVE-2015-6779 Til Jasper Ullrich discovered that the pdfium library does not sanitize "chrome:" URLs. CVE-2015-6780 Khalil Zhani discovered a use-after-free issue. CVE-2015-6781 miaubiz discovered an integer overflow issue in the sfntly library. CVE-2015-6782 Luan Herrera discovered a URL spoofing issue. CVE-2015-6784 Inti De Ceukelaire discovered a way to inject HTML into serialized web pages. CVE-2015-6785 Michael Ficarra discovered a way to bypass the Content Security Policy. CVE-2015-6786 Michael Ficarra discovered another way to bypass the Content Security Policy. For the stable distribution (jessie), these problems have been fixed in version 47.0.2526.73-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 47.0.2526.73-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org


Affected Package


OS OS Version Package Name Package Version
Debian 8 chromium-dbg 47.0.2526.73-1~deb8u1
Debian 8 chromium-inspector 47.0.2526.73-1~deb8u1
Debian 8 chromedriver 47.0.2526.73-1~deb8u1
Debian 8 chromedriver 47.0.2526.73-1~deb8u1
Debian 8 chromium-l10n 47.0.2526.73-1~deb8u1
Debian 8 chromium 47.0.2526.73-1~deb8u1
Debian 8 chromium 47.0.2526.73-1~deb8u1
Debian 8 chromium-browser 47.0.2526.73-1~deb8u1
Debian 8 chromium-dbg 47.0.2526.73-1~deb8u1

Related