Debian 10267 Published by

The following security updates has been released for Debian 8:

[DSA 3666-1] mysql-5.5 security update
[DSA 3667-1] chromium-browser security update



[DSA 3666-1] mysql-5.5 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3666-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 14, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mysql-5.5
CVE ID : CVE-2016-6662

Dawid Golunski discovered that the mysqld_safe wrapper provided by the
MySQL database server insufficiently restricted the load path for custom
malloc implementations, which could result in privilege escalation.

The vulnerability was addressed by upgrading MySQL to the new upstream
version 5.5.52, which includes additional changes, such as performance
improvements, bug fixes, new features, and possibly incompatible
changes. Please see the MySQL 5.5 Release Notes for further details:

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html

For the stable distribution (jessie), this problem has been fixed in
version 5.5.52-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3667-1] chromium-browser security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3667-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
September 15, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173
CVE-2016-5174 CVE-2016-5175 CVE-2016-7395

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-5170

A use-after-free issue was discovered in Blink/Webkit.

CVE-2016-5171

Another use-after-free issue was discovered in Blink/Webkit.

CVE-2016-5172

Choongwoo Han discovered an information leak in the v8 javascript
library.

CVE-2016-5173

A resource bypass issue was discovered in extensions.

CVE-2016-5174

Andrey Kovalev discoved a way to bypass the popup blocker.

CVE-2016-5175

The chrome development team found and fixed various issues during
internal auditing.

CVE-2016-7395

An uninitialized memory read issue was discovered in the skia library.

For the stable distribution (jessie), these problems have been fixed in
version 53.0.2785.113-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 53.0.2785.113-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/