[SECURITY] [DSA 3645-1] chromium-browser security update

2016-08-0901:05:32

lists.debian.org

EPSS

0.028

Percentile

90.6%

JSON

Debian Security Advisory DSA-3645-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
August 09, 2016 https://www.debian.org/security/faq

Package : chromium-browser
CVE ID : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142
CVE-2016-5143 CVE-2016-5144

Several vulnerabilites have been discovered in the chromium web browser.

CVE-2016-5139

GiWan Go discovered a use-after-free issue in the pdfium library.

CVE-2016-5140

Ke Liu discovered a use-after-free issue in the pdfium library.

CVE-2016-5141

Sergey Glazunov discovered a URL spoofing issue.

CVE-2016-5142

Sergey Glazunov discovered a use-after-free issue.

CVE-2016-5143

Gregory Panakkal discovered an issue in the developer tools.

CVE-2016-5144

Gregory Panakkal discovered another issue in the developer tools.

CVE-2016-5146

The chrome development team found and fixed various issues during
internal auditing.

For the stable distribution (jessie), these problems have been fixed in
version 52.0.2743.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 52.0.2743.116-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8i386libopenjp2-7< 2.1.0-2+deb8u4libopenjp2-7_2.1.0-2+deb8u4_i386.deb
Debian8amd64libopenjp3d7< 2.1.0-2+deb8u4libopenjp3d7_2.1.0-2+deb8u4_amd64.deb
Debian8armhflibopenjp2-7-dev< 2.1.0-2+deb8u4libopenjp2-7-dev_2.1.0-2+deb8u4_armhf.deb
Debian8amd64libopenjp2-tools< 2.1.0-2+deb8u4libopenjp2-tools_2.1.0-2+deb8u4_amd64.deb
Debian8armhflibopenjp2-7-dbg< 2.1.0-2+deb8u4libopenjp2-7-dbg_2.1.0-2+deb8u4_armhf.deb
Debian8amd64chromedriver< 52.0.2743.116-1~deb8u1chromedriver_52.0.2743.116-1~deb8u1_amd64.deb
Debian8armellibopenjpip-server< 2.1.0-2+deb8u4libopenjpip-server_2.1.0-2+deb8u4_armel.deb
Debian8armhflibopenjp3d-tools< 2.1.0-2+deb8u4libopenjp3d-tools_2.1.0-2+deb8u4_armhf.deb
Debian8amd64libopenjp2-7-dbg< 2.1.0-2+deb8u4libopenjp2-7-dbg_2.1.0-2+deb8u4_amd64.deb
Debian8armhflibopenjpip7< 2.1.0-2+deb8u4libopenjpip7_2.1.0-2+deb8u4_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libopenjp2-7	< 2.1.0-2+deb8u4	libopenjp2-7_2.1.0-2+deb8u4_i386.deb
Debian	8	amd64	libopenjp3d7	< 2.1.0-2+deb8u4	libopenjp3d7_2.1.0-2+deb8u4_amd64.deb
Debian	8	armhf	libopenjp2-7-dev	< 2.1.0-2+deb8u4	libopenjp2-7-dev_2.1.0-2+deb8u4_armhf.deb
Debian	8	amd64	libopenjp2-tools	< 2.1.0-2+deb8u4	libopenjp2-tools_2.1.0-2+deb8u4_amd64.deb
Debian	8	armhf	libopenjp2-7-dbg	< 2.1.0-2+deb8u4	libopenjp2-7-dbg_2.1.0-2+deb8u4_armhf.deb
Debian	8	amd64	chromedriver	< 52.0.2743.116-1~deb8u1	chromedriver_52.0.2743.116-1~deb8u1_amd64.deb
Debian	8	armel	libopenjpip-server	< 2.1.0-2+deb8u4	libopenjpip-server_2.1.0-2+deb8u4_armel.deb
Debian	8	armhf	libopenjp3d-tools	< 2.1.0-2+deb8u4	libopenjp3d-tools_2.1.0-2+deb8u4_armhf.deb
Debian	8	amd64	libopenjp2-7-dbg	< 2.1.0-2+deb8u4	libopenjp2-7-dbg_2.1.0-2+deb8u4_amd64.deb
Debian	8	armhf	libopenjpip7	< 2.1.0-2+deb8u4	libopenjpip7_2.1.0-2+deb8u4_armhf.deb