[gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities

public inbox for gentoo-announce@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities
@ 2016-03-12 12:12 Kristian Fiskerstrand
  0 siblings, 0 replies; only message in thread
From: Kristian Fiskerstrand @ 2016-03-12 12:12 UTC (permalink / raw
  To: gentoo-announce

[-- Attachment #1: Type: text/plain, Size: 11128 bytes --]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201603-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium: Multiple vulnerabilities
     Date: March 12, 2016
     Bugs: #555640, #559384, #561448, #563098, #565510, #567308,
           #567870, #568396, #572542, #574416, #575434, #576354, #576858
       ID: 201603-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium       < 49.0.2623.87         >= 49.0.2623.87

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87"

References
==========

[   1 ] CVE-2015-1270
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270
[   2 ] CVE-2015-1271
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271
[   3 ] CVE-2015-1272
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272
[   4 ] CVE-2015-1273
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273
[   5 ] CVE-2015-1274
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274
[   6 ] CVE-2015-1275
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275
[   7 ] CVE-2015-1276
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276
[   8 ] CVE-2015-1277
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277
[   9 ] CVE-2015-1278
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278
[  10 ] CVE-2015-1279
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279
[  11 ] CVE-2015-1280
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280
[  12 ] CVE-2015-1281
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281
[  13 ] CVE-2015-1282
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282
[  14 ] CVE-2015-1283
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283
[  15 ] CVE-2015-1284
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284
[  16 ] CVE-2015-1285
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285
[  17 ] CVE-2015-1286
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286
[  18 ] CVE-2015-1287
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287
[  19 ] CVE-2015-1288
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288
[  20 ] CVE-2015-1289
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289
[  21 ] CVE-2015-1291
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291
[  22 ] CVE-2015-1292
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292
[  23 ] CVE-2015-1293
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293
[  24 ] CVE-2015-1294
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294
[  25 ] CVE-2015-1295
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295
[  26 ] CVE-2015-1296
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296
[  27 ] CVE-2015-1297
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297
[  28 ] CVE-2015-1298
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298
[  29 ] CVE-2015-1299
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299
[  30 ] CVE-2015-1300
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300
[  31 ] CVE-2015-1302
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302
[  32 ] CVE-2015-1303
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303
[  33 ] CVE-2015-1304
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304
[  34 ] CVE-2015-6755
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755
[  35 ] CVE-2015-6756
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756
[  36 ] CVE-2015-6757
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757
[  37 ] CVE-2015-6758
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758
[  38 ] CVE-2015-6759
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759
[  39 ] CVE-2015-6760
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760
[  40 ] CVE-2015-6761
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761
[  41 ] CVE-2015-6762
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762
[  42 ] CVE-2015-6763
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763
[  43 ] CVE-2015-6764
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764
[  44 ] CVE-2015-6765
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765
[  45 ] CVE-2015-6766
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766
[  46 ] CVE-2015-6767
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767
[  47 ] CVE-2015-6768
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768
[  48 ] CVE-2015-6769
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769
[  49 ] CVE-2015-6770
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770
[  50 ] CVE-2015-6771
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771
[  51 ] CVE-2015-6772
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772
[  52 ] CVE-2015-6773
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773
[  53 ] CVE-2015-6774
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774
[  54 ] CVE-2015-6775
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775
[  55 ] CVE-2015-6776
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776
[  56 ] CVE-2015-6777
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777
[  57 ] CVE-2015-6778
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778
[  58 ] CVE-2015-6779
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779
[  59 ] CVE-2015-6780
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780
[  60 ] CVE-2015-6781
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781
[  61 ] CVE-2015-6782
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782
[  62 ] CVE-2015-6783
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783
[  63 ] CVE-2015-6784
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784
[  64 ] CVE-2015-6785
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785
[  65 ] CVE-2015-6786
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786
[  66 ] CVE-2015-6787
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787
[  67 ] CVE-2015-6788
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788
[  68 ] CVE-2015-6789
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789
[  69 ] CVE-2015-6790
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790
[  70 ] CVE-2015-6791
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791
[  71 ] CVE-2015-6792
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792
[  72 ] CVE-2015-8126
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126
[  73 ] CVE-2016-1612
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612
[  74 ] CVE-2016-1613
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613
[  75 ] CVE-2016-1614
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614
[  76 ] CVE-2016-1615
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615
[  77 ] CVE-2016-1616
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616
[  78 ] CVE-2016-1617
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617
[  79 ] CVE-2016-1618
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618
[  80 ] CVE-2016-1619
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619
[  81 ] CVE-2016-1620
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620
[  82 ] CVE-2016-1621
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621
[  83 ] CVE-2016-1622
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622
[  84 ] CVE-2016-1623
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623
[  85 ] CVE-2016-1624
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624
[  86 ] CVE-2016-1625
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625
[  87 ] CVE-2016-1626
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626
[  88 ] CVE-2016-1627
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627
[  89 ] CVE-2016-1628
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628
[  90 ] CVE-2016-1629
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629
[  91 ] CVE-2016-1630
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630
[  92 ] CVE-2016-1631
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631
[  93 ] CVE-2016-1632
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632
[  94 ] CVE-2016-1633
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633
[  95 ] CVE-2016-1634
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634
[  96 ] CVE-2016-1635
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635
[  97 ] CVE-2016-1636
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636
[  98 ] CVE-2016-1637
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637
[  99 ] CVE-2016-1638
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638
[ 100 ] CVE-2016-1639
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639
[ 101 ] CVE-2016-1640
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640
[ 102 ] CVE-2016-1641
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201603-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-03-12 12:17 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-03-12 12:12 [gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities Kristian Fiskerstrand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox