You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Chromium

Sigurnosni nedostaci programskog paketa Chromium

by ncert - 0

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201610-09
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: October 29, 2016
Bugs: #589278, #590420, #592630, #593708, #595614, #597016
ID: 201610-09

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in the Chromium web browser,
the worst of which allows remote attackers to execute arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/chromium < 54.0.2840.59 >= 54.0.2840.59

Description
===========

Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for
details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=www-client/chromium-54.0.2840.59”

References
==========

[ 1 ] CVE-2016-5127
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127
[ 2 ] CVE-2016-5128
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128
[ 3 ] CVE-2016-5129
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129
[ 4 ] CVE-2016-5130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130
[ 5 ] CVE-2016-5131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
[ 6 ] CVE-2016-5132
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132
[ 7 ] CVE-2016-5133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133
[ 8 ] CVE-2016-5134
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134
[ 9 ] CVE-2016-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135
[ 10 ] CVE-2016-5136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136
[ 11 ] CVE-2016-5137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137
[ 12 ] CVE-2016-5138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138
[ 13 ] CVE-2016-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139
[ 14 ] CVE-2016-5140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140
[ 15 ] CVE-2016-5141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141
[ 16 ] CVE-2016-5142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142
[ 17 ] CVE-2016-5143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143
[ 18 ] CVE-2016-5144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144
[ 19 ] CVE-2016-5145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145
[ 20 ] CVE-2016-5146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146
[ 21 ] CVE-2016-5147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147
[ 22 ] CVE-2016-5148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148
[ 23 ] CVE-2016-5149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149
[ 24 ] CVE-2016-5150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150
[ 25 ] CVE-2016-5151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151
[ 26 ] CVE-2016-5152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152
[ 27 ] CVE-2016-5153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153
[ 28 ] CVE-2016-5154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154
[ 29 ] CVE-2016-5155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155
[ 30 ] CVE-2016-5156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156
[ 31 ] CVE-2016-5157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157
[ 32 ] CVE-2016-5158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158
[ 33 ] CVE-2016-5159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159
[ 34 ] CVE-2016-5160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160
[ 35 ] CVE-2016-5161
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161
[ 36 ] CVE-2016-5162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162
[ 37 ] CVE-2016-5163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163
[ 38 ] CVE-2016-5164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164
[ 39 ] CVE-2016-5165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165
[ 40 ] CVE-2016-5166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166
[ 41 ] CVE-2016-5167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167
[ 42 ] CVE-2016-5170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170
[ 43 ] CVE-2016-5171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171
[ 44 ] CVE-2016-5172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172
[ 45 ] CVE-2016-5173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173
[ 46 ] CVE-2016-5174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174
[ 47 ] CVE-2016-5175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175
[ 48 ] CVE-2016-5177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177
[ 49 ] CVE-2016-5178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178
[ 50 ] CVE-2016-5181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181
[ 51 ] CVE-2016-5182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182
[ 52 ] CVE-2016-5183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183
[ 53 ] CVE-2016-5184
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184
[ 54 ] CVE-2016-5185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185
[ 55 ] CVE-2016-5186
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186
[ 56 ] CVE-2016-5187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187
[ 57 ] CVE-2016-5188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188
[ 58 ] CVE-2016-5189
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189
[ 59 ] CVE-2016-5190
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190
[ 60 ] CVE-2016-5191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191
[ 61 ] CVE-2016-5192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192
[ 62 ] CVE-2016-5193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193
[ 63 ] CVE-2016-5194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201610-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–

iQEcBAEBCgAGBQJYFJ/TAAoJECULev7WN52F/oIH/jLfwqYTMJKaF6CZjKrIiQMO
MQbe2AnQV0dlgdy0qsAxMGN1eKHYcQi4dI7aGlIk78kXDhHbcqNqSUwZcMLpTk4B
s85y2ul3uE8dLJci+ZLXi5hCgvdL58NS9G7ezdQjUrfQpdTl4b7w/LkbqFINgw6k
mCOlOpGuUeNDNo3AUsKDMCCUQgJE+L/Rzs6wdJblM24r4RLENXj3oxueLRG4a6Ht
ANt7AKb7hyIBP0qr9JBLQAXbHTfW27VyA14O0RjZ/fk3psu9TZ+uNsxoeRwziA0Y
Y/9v+8RKJSqVAZ9Em+qCP0EL8z31xiOw1yQO7RB4SdkLkGResD8U2jJvAEYelxE=
=4v1F
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Nadogradnja za KDE PIM Applications

Fedora je izdala nadogradnju za programski paket KDE PIM (Personal Information Manager) Applications koji uključuje ažuriranje više aplikacija. Otkriveni nedostaci...

Close