Debian 10264 Published by

The following updates has been released for Debian:

[DLA 364-1] gnutls26 security update
[DLA 365-1] foomatic-filters security update
[DSA 3414-1] xen security update
[DSA 3415-1] chromium-browser security update



[DLA 364-1] gnutls26 security update

Package : gnutls26
Version : 2.8.6-1+squeeze6
CVE ID : CVE-2015-8313

[DLA 365-1] foomatic-filters security update

Package : foomatic-filters
Version : 4.0.5-6+squeeze2+deb6u11
CVE ID : CVE-2015-8327
Debian Bug : 806886

It was discovered that there was an injection vulnerability in
foomatic-filters which is used by printer spoolers to convert
incoming PostScript data into the printer's native format.

For Debian 6 Squeeze, this issue has been fixed in foomatic-filters
version 4.0.5-6+squeeze2+deb6u11

[DSA 3414-1] xen security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3414-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2015-3259 CVE-2015-3340 CVE-2015-5307 CVE-2015-6654
CVE-2015-7311 CVE-2015-7812 CVE-2015-7813 CVE-2015-7814
CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
CVE-2015-8104

Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information
disclosure.

For the oldstable distribution (wheezy), an update will be provided
later.

For the stable distribution (jessie), these problems have been fixed in
version 4.4.1-9+deb8u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3415-1] chromium-browser security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3415-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
December 09, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770
CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774
CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782
CVE-2015-6784 CVE-2015-6785 CVE-2015-6786

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1302

Rub Wu discovered an information leak in the pdfium library.

CVE-2015-6764

Guang Gong discovered an out-of-bounds read issue in the v8
javascript library.

CVE-2015-6765

A use-after-free issue was discovered in AppCache.

CVE-2015-6766

A use-after-free issue was discovered in AppCache.

CVE-2015-6767

A use-after-free issue was discovered in AppCache.

CVE-2015-6768

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6769

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6770

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6771

An out-of-bounds read issue was discovered in the v8
javascript library.

CVE-2015-6772

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6773

cloudfuzzer discovered an out-of-bounds read issue in the
skia library.

CVE-2015-6774

A use-after-free issue was found in extensions binding.

CVE-2015-6775

Atte Kettunen discovered a type confusion issue in the pdfium
library.

CVE-2015-6776

Hanno Böck dicovered and out-of-bounds access issue in the
openjpeg library, which is used by pdfium.

CVE-2015-6777

Long Liu found a use-after-free issue.

CVE-2015-6778

Karl Skomski found an out-of-bounds read issue in the pdfium
library.

CVE-2015-6779

Til Jasper Ullrich discovered that the pdfium library does
not sanitize "chrome:" URLs.

CVE-2015-6780

Khalil Zhani discovered a use-after-free issue.

CVE-2015-6781

miaubiz discovered an integer overflow issue in the sfntly
library.

CVE-2015-6782

Luan Herrera discovered a URL spoofing issue.

CVE-2015-6784

Inti De Ceukelaire discovered a way to inject HTML into
serialized web pages.

CVE-2015-6785

Michael Ficarra discovered a way to bypass the Content
Security Policy.

CVE-2015-6786

Michael Ficarra discovered another way to bypass the Content
Security Policy.

For the stable distribution (jessie), these problems have been fixed in
version 47.0.2526.73-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 47.0.2526.73-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/