| Summary: | <www-client/chromium-57.0.2987.133: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | chromium |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html | ||
| Whiteboard: | A2 [glsa cve] | ||
| Package list: |
www-client/chromium-57.0.2987.133
|
Runtime testing required: | Yes |
amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Arches and Maintainer(s). Thank you for your work. New GLSA Request filed. This issue was resolved and addressed in GLSA 201704-02 at https://security.gentoo.org/glsa/201704-02 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : The stable channel has been updated to 57.0.2987.133 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$9337][698622] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar [$3000][699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs [$1000][662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin [$N/A][705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous [$N/A][702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587) @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.