[gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities

Fabricante: Gentoo
Fecha: 12/03/2016
Identificador: GLSA 201603-09
[gentoo-announce] [ GLSA 201603-09 ] Chromium: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201603-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: March 12, 2016 Bugs: #555640, #559384, #561448, #563098, #565510, #567308, #567870, #568396, #572542, #574416, #575434, #576354, #576858 ID: 201603-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87 Description =========== Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87" References ========== [ 1 ] CVE-2015-1270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270 [ 2 ] CVE-2015-1271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271 [ 3 ] CVE-2015-1272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272 [ 4 ] CVE-2015-1273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273 [ 5 ] CVE-2015-1274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274 [ 6 ] CVE-2015-1275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275 [ 7 ] CVE-2015-1276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276 [ 8 ] CVE-2015-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277 [ 9 ] CVE-2015-1278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278 [ 10 ] CVE-2015-1279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279 [ 11 ] CVE-2015-1280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280 [ 12 ] CVE-2015-1281 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281 [ 13 ] CVE-2015-1282 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282 [ 14 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 15 ] CVE-2015-1284 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284 [ 16 ] CVE-2015-1285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285 [ 17 ] CVE-2015-1286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286 [ 18 ] CVE-2015-1287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287 [ 19 ] CVE-2015-1288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288 [ 20 ] CVE-2015-1289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289 [ 21 ] CVE-2015-1291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291 [ 22 ] CVE-2015-1292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292 [ 23 ] CVE-2015-1293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293 [ 24 ] CVE-2015-1294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294 [ 25 ] CVE-2015-1295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295 [ 26 ] CVE-2015-1296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296 [ 27 ] CVE-2015-1297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297 [ 28 ] CVE-2015-1298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298 [ 29 ] CVE-2015-1299 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299 [ 30 ] CVE-2015-1300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300 [ 31 ] CVE-2015-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302 [ 32 ] CVE-2015-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303 [ 33 ] CVE-2015-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304 [ 34 ] CVE-2015-6755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755 [ 35 ] CVE-2015-6756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756 [ 36 ] CVE-2015-6757 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757 [ 37 ] CVE-2015-6758 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758 [ 38 ] CVE-2015-6759 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759 [ 39 ] CVE-2015-6760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760 [ 40 ] CVE-2015-6761 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761 [ 41 ] CVE-2015-6762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762 [ 42 ] CVE-2015-6763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763 [ 43 ] CVE-2015-6764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764 [ 44 ] CVE-2015-6765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765 [ 45 ] CVE-2015-6766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766 [ 46 ] CVE-2015-6767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767 [ 47 ] CVE-2015-6768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768 [ 48 ] CVE-2015-6769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769 [ 49 ] CVE-2015-6770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770 [ 50 ] CVE-2015-6771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771 [ 51 ] CVE-2015-6772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772 [ 52 ] CVE-2015-6773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773 [ 53 ] CVE-2015-6774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774 [ 54 ] CVE-2015-6775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775 [ 55 ] CVE-2015-6776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776 [ 56 ] CVE-2015-6777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777 [ 57 ] CVE-2015-6778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778 [ 58 ] CVE-2015-6779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779 [ 59 ] CVE-2015-6780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780 [ 60 ] CVE-2015-6781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781 [ 61 ] CVE-2015-6782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782 [ 62 ] CVE-2015-6783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783 [ 63 ] CVE-2015-6784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784 [ 64 ] CVE-2015-6785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785 [ 65 ] CVE-2015-6786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786 [ 66 ] CVE-2015-6787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787 [ 67 ] CVE-2015-6788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788 [ 68 ] CVE-2015-6789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789 [ 69 ] CVE-2015-6790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790 [ 70 ] CVE-2015-6791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791 [ 71 ] CVE-2015-6792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792 [ 72 ] CVE-2015-8126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126 [ 73 ] CVE-2016-1612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612 [ 74 ] CVE-2016-1613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613 [ 75 ] CVE-2016-1614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614 [ 76 ] CVE-2016-1615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615 [ 77 ] CVE-2016-1616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616 [ 78 ] CVE-2016-1617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617 [ 79 ] CVE-2016-1618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618 [ 80 ] CVE-2016-1619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619 [ 81 ] CVE-2016-1620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620 [ 82 ] CVE-2016-1621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621 [ 83 ] CVE-2016-1622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622 [ 84 ] CVE-2016-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623 [ 85 ] CVE-2016-1624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624 [ 86 ] CVE-2016-1625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625 [ 87 ] CVE-2016-1626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626 [ 88 ] CVE-2016-1627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627 [ 89 ] CVE-2016-1628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628 [ 90 ] CVE-2016-1629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629 [ 91 ] CVE-2016-1630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630 [ 92 ] CVE-2016-1631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631 [ 93 ] CVE-2016-1632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632 [ 94 ] CVE-2016-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633 [ 95 ] CVE-2016-1634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634 [ 96 ] CVE-2016-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635 [ 97 ] CVE-2016-1636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636 [ 98 ] CVE-2016-1637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637 [ 99 ] CVE-2016-1638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638 [ 100 ] CVE-2016-1639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639 [ 101 ] CVE-2016-1640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640 [ 102 ] CVE-2016-1641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-09 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5