Security home

 

Home / mailingsPDF  

to;

Posted on 12 December 2017
Debian Security Advisory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4064-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
December 12, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416
CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420
CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426
CVE-2017-15427

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407

Ned Williamson discovered an out-of-bounds write issue.

CVE-2017-15408

Ke Liu discovered a heap overflow issue in the pdfium library.

CVE-2017-15409

An out-of-bounds write issue was discovered in the skia library.

CVE-2017-15410

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15411

Luat Nguyen discovered a use-after-free issue in the pdfium library.

CVE-2017-15413

Gaurav Dewan discovered a type confusion issue.

CVE-2017-15415

Viktor Brange discovered an information disclosure issue.

CVE-2017-15416

Ned Williamson discovered an out-of-bounds read issue.

CVE-2017-15417

Max May discovered an information disclosure issue in the skia
library.

CVE-2017-15418

Kushal Arvind Shah discovered an uninitialized value in the skia
library.

CVE-2017-15419

Jun Kokatsu discoved an information disclosure issue.

CVE-2017-15420

WenXu Wu discovered a URL spoofing issue.

CVE-2017-15423

Greg Hudson discovered an issue in the boringssl library.

CVE-2017-15424

Khalil Zhani discovered a URL spoofing issue.

CVE-2017-15425

xisigr discovered a URL spoofing issue.

CVE-2017-15426

WenXu Wu discovered a URL spoofing issue.

CVE-2017-15427

Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in
version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

 

TOP

Mailings :

Exploits :