[arch-security] [ASA-201603-1] chromium: multiple issues
rgacogne at archlinux.org
Thu Mar 3 20:36:09 UTC 2016
Arch Linux Security Advisory ASA-201603-1
Date : 2016-03-03
CVE-ID : CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632
CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637
CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package chromium before version 49.0.2623.75-1 is vulnerable to
Upgrade to 49.0.2623.75-1.
# pacman -Syu "chromium>=49.0.2623.75-1"
The problem has been fixed upstream in version 49.0.2623.75.
Buffer overflow vulnerabilities in the functions png_get_PLTE/png_set_PLTE,
allowing remote attackers to cause a denial of service in the application or
have unspecified other impact. These functions failed to check for an
out-of-range palette when reading or writing PNG files with a bit_depth
less than 8. Some applications might read the bit depth from the IHDR
chunk and allocate memory for a 2^N entry palette, while libpng can
return a palette with up to 256 entries even when the bit depth is less
Same-origin bypass in Blink. Credit to Mariusz Mlynski.
Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
Bad cast in Extensions.
- CVE-2016-1633, CVE-2016-1634:
Use-after-free in Blink. Credit to cloudfuzzer.
Use-after-free in Blink. Credit to Rob Wu.
SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
Information Leak in Skia. Credit to Keve Nagy.
WebAPI Bypass. Credit to Rob Wu.
Use-after-free in WebRTC. Credit to Khalil Zhani.
Origin confusion in Extensions UI. Credit to Luan Herrera.
Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
Various fixes from internal audits, fuzzing and other initiatives.
A remote attacker can bypass restrictions like the same-origin policy
and the WebAPI restrictions, or have other unspecified impact.
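An added example, not part of the original advisory and not libpng or Chromium code: a checker for the png_get_PLTE/png_set_PLTE condition described above. It parses the IHDR and PLTE chunks and flags a palette with more entries than 2^bit_depth in an indexed-colour image. The function names and the files built by sample_png are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    # One PNG chunk: big-endian length, type, data, CRC-32 over type + data.
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def iter_chunks(png: bytes):
    """Yield (type, data) per chunk; reject truncated input or a bad CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(png):
            raise ValueError("truncated chunk")
        data = png[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", png[end - 4:end])
        if crc != zlib.crc32(ctype + data):
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, data
        pos = end

def check_palette(png: bytes):
    """Return (bit_depth, plte_entries, oversized) for the first PLTE, or None."""
    bit_depth = color_type = None
    for ctype, data in iter_chunks(png):
        if ctype == b"IHDR":
            if len(data) != 13:
                raise ValueError("bad IHDR length")
            bit_depth, color_type = data[8], data[9]
        elif ctype == b"PLTE":
            if bit_depth is None or len(data) % 3:
                raise ValueError("PLTE before IHDR or length not a multiple of 3")
            entries = len(data) // 3
            # Colour type 3 (indexed) can address only 2**bit_depth entries;
            # other colour types may carry a suggested palette of up to 256.
            limit = (1 << bit_depth) if color_type == 3 else 256
            return bit_depth, entries, entries > limit
    return None

def sample_png(bit_depth: int, entries: int) -> bytes:
    """Constructed 1x1 indexed-colour PNG with the given palette size."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, bit_depth, 3, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one byte of pixel data
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", bytes(3 * entries))
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))
```

A caller that sizes its own palette buffer from the IHDR bit depth can run this check, or clamp the copied entry count to 2^bit_depth, before trusting the count returned by the decoder.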