Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2651
chromium-browser security update
21 October 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: chromium-browser
Publisher: Debian
Operating System: Debian GNU/Linux 8
Impact/Access: Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-6763 CVE-2015-6762 CVE-2015-6761
CVE-2015-6760 CVE-2015-6759 CVE-2015-6758
CVE-2015-6757 CVE-2015-6756 CVE-2015-6755
CVE-2015-1304 CVE-2015-1303
Reference: ASB-2015.0099
ASB-2015.0094
ESB-2015.2619
ESB-2015.2519
Original Bulletin:
http://www.debian.org/security/2015/dsa-3376
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3376-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
October 20, 2015 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2015-1303 CVE-2015-1304 CVE-2015-6755 CVE-2015-6756
CVE-2015-6757 CVE-2015-6758 CVE-2015-6759 CVE-2015-6760
CVE-2015-6761 CVE-2015-6762 CVE-2015-6763
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2015-1303
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in the DOM implementation.
CVE-2015-1304
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in the v8 javascript library.
CVE-2015-6755
Mariusz Mlynski discovered a way to bypass the Same Origin Policy
in blink/webkit.
CVE-2015-6756
A use-after-free issue was found in the pdfium library.
CVE-2015-6757
Collin Payne found a use-after-free issue in the ServiceWorker
implementation.
CVE-2015-6758
Atte Kettunen found an issue in the pdfium library.
CVE-2015-6759
Muneaki Nishimura discovered an information leak.
CVE-2015-6760
Ronald Crane discovered a logic error in the ANGLE library
involving lost device events.
CVE-2015-6761
Aki Helin and Khalil Zhani discovered a memory corruption issue in
the ffmpeg library.
CVE-2015-6762
Muneaki Nishimura discovered a way to bypass the Same Origin Policy
in the CSS implementation.
CVE-2015-6763
The chrome 46 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the v8 javascript library, version 4.6.85.23.
For the stable distribution (jessie), these problems have been fixed in
version 46.0.2490.71-1~deb8u1.
For the testing (stretch) and unstable (sid) distributions, these
problems have been fixed in version 46.0.2490.71-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJWJwEHAAoJELjWss0C1vRzawcf/2VLLVk0XIIvX6TajYjXf+O+
MFWcbB/EVhdMcF3JTekflcv/LRbYq2TnqWPb0W/AM7hOCWbk4mgD6stbe7l/j2QW
0o3FZkL7pCJL72kvXPxGdvHFs+Qhemrd8AAS9nIqWnqGGcTSC2IdFOLEXec77an7
pvQCjT6g/gBb2ywbip7Pv9G3n6oMGTwcBAklm+7So6OjZZpcFrfEqkv8a9zgqH6B
iSaoMws7iYaBisKn/5ot91lLbDIuRkSX8RfbG7b6s2v9WiN8bzPZUUJYpsBxf7m/
BY7bZYqpMhjDOEMQJ8NedgHnLabjpBXJi7gn444eHS9VGDgEBtduCJhUQ7oqq/Bl
PEZdBardMDwmV/DSDKGH0WHsAzmDInk5Bd9/yqNspIl0azYaEownEg5mQeU06G3Z
oIXX6l+hYzMRrLPEachAdHUyz7PhYU9X5uPUDtpkaGuJsylh2vyW5pGTumhdf/nt
ae6VRy5p57HD7atQc+lesNUbO5225QFwaBRf3t/e/nHyYWZHZS9hFWyPha1EGpEy
wuYYnjhSTh/kThEjDkROz3ayNod6NRJ8BkUfsgoj+Ui1cUASFdJtih/S2k70YM1e
mvq5P3kHEUrYVvHpM+m9ZyzbwcluQKS4he3WGlSTEAyS8BIoohZb6QQO+lTOYo2/
qjqBYRhe2GMlW8AYynjQsSdQcHpBxX+qH4kS5+C5swH7c7NogZo7KWdPENW8LQgP
irXB/u+RMbje5X3Qec/pG85vX196r+UUUQNV2ZFIlXbqgKGHWEeJ3+cNulJE2xet
XI5pthBmzxEG0Xpw2OOkjkpRg0W7C0QBlNRbCqsk6KhobhxapoqNmkb2BTxbAs8r
wqrL8R+c0JM0dYH+PuZeZmOyL3XJxHU9cCJUn2f0oCrBKLLSG9gj0v1a5ntqSEjH
A00PXcXq8IXXnIu+xXe6fU3RxcVY0YykKkZKkh003gRItOC45PBP3/gu3KRStNpB
zz4iL2jq4uwEPPgWAGS9BQrDgWaRxDnJPuF0C+uwfdTPLclHSKLewWbgH2zPa5ff
XV60fxw6PM3VyGO1lCfEOVoHHt1jtN9JlM14SuNLaC+y/jFqcVVJJOdqGKAjAqNk
O7fep+G46EPkpy9zTeM+CuekDdU8lClq8caLEC03zQK0C+0QA50zCRxJ6yBzpr8+
DstSjRoqCJLPbFTpHtMK9MEcEXXOyw+9d7/wF9sexNMhq0ONGs0KNFPb+H4dSG+A
LeYtlrgELMQYhWq2y4CB/5EKlljDY99axy/HyICfaRejcTPs6a6x7+vyrcoCcAAm
Co9vSkn7QQJKB942+uOPmcd9bjDhboLrBARbN8q4Rk0tYMYUqa2mwnyYAnSq1xE=
=OCPh
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVicVJn6ZAP0PgtI9AQKEkBAAztAcMcgyoT9sPXdQHfg0/to1jE11xNq5
nGXaYK8nkd+vWQ5NIBoSx+OCH4LCKzE6PHlbBmUWfFpY42ve1E52LwnAuq9dE8YD
xw5yxc0anHbRXx0j2jxJUX/+foJ3iCVfXM021mZD+KeSqp5nxXMj1F0qhKM8sMHB
FspXHvKFK+ANFZZbQej9tvGSevpAKjHlNUOY5B2sKh8TusYTqA/F8PvZqQP28zbi
qpifeOo3Fc41GHYHJWh4BfPWvmJltxfbMmk8x3Lw/W58W7cGaNPk2z7oprwRaWw/
t9ALTCvWOsb/w65n709iUNmfUqEREc4IMwZLr7ocT3SYHomyqDbxMxhsnph7Lvkq
5CmxOrQD5gc1u6Y8dh2P02xbQpiWg5G0Hm+YSE7lO8eKYJ1xFYmBw+ZWjQq/OoZL
1xUMLMmv7aRtbFpOlN9EyhiNfg71WBECpl5s56vZNHmWsr8HkpqKyYvEanqJdtQq
eOfc8VWL5BWw1inpp6qPROUG2KU37aUlXlADl0Mx3Md8J9TpgX7Ml3M5sUaKXtkh
UugDOcZ/fxezgiXmyWnJglr2phOq5IIiI4s3yKTCEkc9+HuH3LC5gyTsSj7Sdg4S
4g0pbFNnbwqwjJZ0jLb6EOZwE+tFDWsguEhbqt4/PDtQBIHhiZlhYJwRdThaP7RA
ZHh/tGRb4Mg=
=HRrW
-----END PGP SIGNATURE-----