-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4064-1 security@xxxxxxxxxx https://www.debian.org/security/ Michael Gilbert December 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-15407 Ned Williamson discovered an out-of-bounds write issue. CVE-2017-15408 Ke Liu discovered a heap overflow issue in the pdfium library. CVE-2017-15409 An out-of-bounds write issue was discovered in the skia library. CVE-2017-15410 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-15411 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-15413 Gaurav Dewan discovered a type confusion issue. CVE-2017-15415 Viktor Brange discovered an information disclosure issue. CVE-2017-15416 Ned Williamson discovered an out-of-bounds read issue. CVE-2017-15417 Max May discovered an information disclosure issue in the skia library. CVE-2017-15418 Kushal Arvind Shah discovered an uninitialized value in the skia library. CVE-2017-15419 Jun Kokatsu discoved an information disclosure issue. CVE-2017-15420 WenXu Wu discovered a URL spoofing issue. CVE-2017-15423 Greg Hudson discovered an issue in the boringssl library. CVE-2017-15424 Khalil Zhani discovered a URL spoofing issue. CVE-2017-15425 xisigr discovered a URL spoofing issue. CVE-2017-15426 WenXu Wu discovered a URL spoofing issue. CVE-2017-15427 Junaid Farhan discovered an issue with the omnibox. For the stable distribution (stretch), these problems have been fixed in version 63.0.3239.84-1~deb9u1. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlovt/gACgkQuNayzQLW 9HNCpB//Se2Sq0zIXpibz/22YXknmUdQ9nnjsNUVDhc92r9HyGzU2Icn+WwGh8aH kg4tNk3tzE4Gf8qxpU3z3Z/KcyJURX1ZZZBxLJrLzU4xPY2ynCrOXzSTsgejBkAw gEfbyXHD0dJefdqHTmu1fquAg9OBKokMpf5HOJhUHe12erMjMTin+Su8DAUvE4Uq J0+hWJAPaeNKsml0bVSEshZBoaeqI6DxcA5tIQLaektlCG9BaxOriS6NXxf3v7TT r16Erb1PQq8CIdl36r9wMl3xqkDYcxJmsn88is7RxcG4W58FfCc0Bvaeqp5+ygGT RC+aN8+rNj8dTequVVBtyRhUY21GsggWWTkbJCu6dN1QcB7sAHcgtSe50eL+9w5E Ny2Jaym0UrCSmWvHb1wQZUHzWlogKjsrzuQC9Ces+QQmZbaoop626cKz5YjVQDp5 9NFIkJvFxMgY253mp61HL5nmgdfl1UqWM39mZ1aOOSRVMlw3rVk2cCNCbMVj7IBZ 3IuiEJ25pzo4fUE1gXMsGnHhn7Ppa8vCd8mfw9mzUTg6OY036O6Gzu4ljE6AF8z0 6rzKqzu0y4YckhWZz3XFH1TTkENXZbQCp1EmiwmOfLWGgG+sz15DwL8yk4LkNLts yqrH+XStq4B4D9hLLHw1ccmwsweRW9gychBVJIBb8mYhxK9BIvE5XGYL0Xol+SbR nKMNgswkM0KuiJO49jM4biP1GLFoU4LIT+vG7f/cfAbkPMAS6DLKzeFyMUnvOzn5 QFnJh3o2I62q21384svr0/WMbL1xzLQANRreSZLI45Ou1sUNraFgCR7m6Xnwr1T+ A5upVEitlzWR/EcIODNghrZbgtBAzGjLLAmHxmuXJhjb84LqXrp0EtKx+oQJvapE 3tkgCa308EDQEDqbRMEeaZcj3y3C2rGK8h95j4HBKjEfAPD2nx9D4kPZI36awM23 xX0QBA18VvG7TRTVgCv9nzXvzTFA8Fl5WHc5SAa+aKVlWvY9aZiTseSUZsoF9lYW nC6HUydTSoEZxjcH66l1upVfgctz/7yhhiKpeMx3ScunGnIpkCv3lHqMQmH6vasl Hce8vsQ78yPPHD5CLGp1QaailFeNw/X5ybMm2v/uGAkLWfXRaeW9ArM/ZYRpBltF DeFXbKFhNo+5tdCsFyIZ+oSswMhwwfrCXlP9tlKqcwBxfAYhHQOu4Lh/VFXbB6wW dz4aLG//Hx5Bj8qX4TEAv4T/dwnihPmGpodskFXU8oCvnEPWxmjRLAlBoWwiUhL3 L0FhUnql8v3z33ebJRnaE89CxpAeBn8WQrxeQJBfzx/6ZJS4wGe5S89IanrYHgx0 M2MFwAOexKQpMEwDU/reyyOTZsHDAQ== =66jZ -----END PGP SIGNATURE-----