Debian 10225 Published by

Updated Chromium-browser packages has been released for Debian GNU/Linux 9



- -------------------------------------------------------------------------
Debian Security Advisory DSA-3985-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
September 28, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114
CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118
CVE-2017-5119 CVE-2017-5120 CVE-2017-5121 CVE-2017-5122

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-5111

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-5112

Tobias Klein discovered a buffer overflow issue in the webgl
library.

CVE-2017-5113

A buffer overflow issue was discovered in the skia library.

CVE-2017-5114

Ke Liu discovered a memory issue in the pdfium library.

CVE-2017-5115

Marco Giovannini discovered a type confusion issue in the v8
javascript library.

CVE-2017-5116

Guang Gong discovered a type confusion issue in the v8 javascript
library.

CVE-2017-5117

Tobias Klein discovered an uninitialized value in the skia library.

CVE-2017-5118

WenXu Wu discovered a way to bypass the Content Security Policy.

CVE-2017-5119

Another uninitialized value was discovered in the skia library.

CVE-2017-5120

Xiaoyin Liu discovered a way downgrade HTTPS connections during
redirection.

CVE-2017-5121

Jordan Rabet discovered an out-of-bounds memory access in the v8
javascript library.

CVE-2017-5122

Choongwoo Han discovered an out-of-bounds memory access in the v8
javascript library.

For the stable distribution (stretch), these problems have been fixed in
version 61.0.3163.100-1~deb9u1.

For the testing distribution (buster), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 61.0.3163.100-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

  Chromium-browser security update for Debian 9