SUSE CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

[ASA-201612-18] qt5-webengine: multiple issues

Arch Linux Security Advisory ASA-201612-18 ========================================== Severity: Critical Date : 2016-12-17 CVE-ID : CVE-2016-5133 CVE-2016-5147 CVE-2016-5153 CVE-2016-5155 CVE-2016-5161 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5181 CVE-2016-5185 CVE-2016-51...

node.js -- multiple vulnerabilities

Node.js v6.9.0 LTS contains the following security fixes, specific to v6.x: Disable auto-loading of openssl.cnf: Don't automatically attempt to load an OpenSSL configuration file, from the OPENSSLCONF environment variable or from the default location for the current platform. Always triggering a...

October security releases and v6 LTS "Boron" security inclusions

October security releases and v6 LTS "Boron" security inclusions Update 18-October-2016 Releases available Updates are now available for all active Node.js release lines. The following releases all contain fixes for CVE-2016-5180 "arescreatequery single byte out of buffer write": Node.js v0.10.48...

Fedora 23 : chromium (2016-2e50862950)

Security fix for CVE-2016-5177, CVE-2016-5178 https://googlechromereleases.blogspot.com/2016/09/stable-channel-updat e-for-desktop29.html ---- Update to 53.0.2785.116. https://chromium.googlesource.com/chromium/src/+log/53.0.2785.113..53. 0.2785.116?pretty=fuller&n=10000 ---- Update to...

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3091-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3091-1 advisory. A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted website, an attacker...

CVE-2016-5172

CVE-2016-5172 : The V8 parser used in Google Chrome/Chromium mishandles scopes, enabling a remote attacker to obtain sensitive information from arbitrary memory locations via crafted JavaScript. Affected product scope includes Google Chrome and Chromium builds prior to 53.0.2785.113. Remediation ...

openSUSE Security Update : chromium (openSUSE-2016-1085)

Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed : - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...

Fedora 24 : chromium (2016-b15185b72a)

Update to 53.0.2785.113 Security fix for CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

FreeBSD : chromium -- multiple vulnerabilities (653a8059-7c49-11e6-9242-3065ec8fd3ec)

Google Chrome Releases reports : Several security fixes in this release, including : - 641101 High CVE-2016-5170: Use after free in Blink.Credit to Anonymous - 643357 High CVE-2016-5171: Use after free in Blink. Credit to Anonymous - 616386 Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credi...

Debian DSA-3667-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5172 Choongwoo Han discovered an information leak in the v8...

openSUSE: Security Advisory for chromium (openSUSE-SU-2016:2311-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-3667-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...