Debian 10225 Published by

Updated chromium-browser packages has been released for Debian



- -------------------------------------------------------------------------
Debian Security Advisory DSA-3810-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
March 15, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
CVE-2017-5041 CVE-2017-5042 CVE-2017-5043 CVE-2017-5044
CVE-2017-5045 CVE-2017-5046

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5029

Holger Fuhrmannek discovered an integer overflow issue in the libxslt
library.

CVE-2017-5030

Brendon Tiszka discovered a memory corruption issue in the v8 javascript
library.

CVE-2017-5031

Looben Yang discovered a use-after-free issue in the ANGLE library.

CVE-2017-5032

Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.

CVE-2017-5033

Nicolai Grødum discovered a way to bypass the Content Security Policy.

CVE-2017-5034

Ke Liu discovered an integer overflow issue in the pdfium library.

CVE-2017-5035

Enzo Aguado discovered an issue with the omnibox.

CVE-2017-5036

A use-after-free issue was discovered in the pdfium library.

CVE-2017-5037

Yongke Wang discovered multiple out-of-bounds write issues.

CVE-2017-5038

A use-after-free issue was discovered in the guest view.

CVE-2017-5039

jinmo123 discovered a use-after-free issue in the pdfium library.

CVE-2017-5040

Choongwoo Han discovered an information disclosure issue in the v8
javascript library.

CVE-2017-5041

Jordi Chancel discovered an address spoofing issue.

CVE-2017-5042

Mike Ruddy discovered incorrect handling of cookies.

CVE-2017-5043

Another use-after-free issue was discovered in the guest view.

CVE-2017-5044

Kushal Arvind Shah discovered a heap overflow issue in the skia
library.

CVE-2017-5045

Dhaval Kapil discovered an information disclosure issue.

CVE-2017-5046

Masato Kinugawa discovered an information disclosure issue.

For the stable distribution (jessie), these problems have been fixed in
version 57.0.2987.98-1~deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions, these
problems have been fixed in version 57.0.2987.98-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
  Chromium-browser security update for Debian