Advisories » MGASA-2016-0214

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 02 Jun 2016
Modification date: 02 Jun 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1694, CVE-2016-1695

Description

Chromium-browser-stable 51.0.2704.63 fixes security issues:

cross-origin bypass problems in extensions bindings (CVE-2016-1672 and 
CVE-2016-1676), blink (CVE-2016-1673 and CVE-2016-1675), and extensions 
(CVE-2016-1674)

heap use-after-free bugs in V8 bindings (CVE-2016-1679), Skia (CVE-2016-1680),
and Autofill (CVE-2016-1690)

heap buffer overflows in V8 (CVE-2016-1678), PDFium (CVE-2016-1681), media 
(CVE-2016-1689), and Skia (CVE-2016-1691)

out-of-bounds read errors in PDFium (CVE-2016-1685 and CVE-2016-1686) and V8 
(CVE-2016-1688)

type confusion in V8 (CVE-2016-1677), a CSP bypass for ServiceWorker 
(CVE-2016-1682), an information leak in extensions (CVE-2016-1687), a limited 
cross-origin bypass in ServiceWorker (CVE-2016-1692), and HPKP pins removed on 
cache clearance (CVE-2016-1694)

various fixes from upstream's internal audits, fuzzing, and other initiatives 
(CVE-2016-1695)

References

SRPMS

5/core