Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 586704 (CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703, CVE-2016-1704) - <www-client/chromium-51.0.2704.103: Multiple Vulnerabilities (CVE-2016-{1697,1698,1699,1700,1701,1702,1703})
Summary: <www-client/chromium-51.0.2704.103: Multiple Vulnerabilities (CVE-2016-{1697,...
Status: RESOLVED FIXED
Alias: CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703, CVE-2016-1704
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-22 12:09 UTC by Aaron Bauman (RETIRED)
Modified: 2016-07-16 14:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aaron Bauman (RETIRED) gentoo-dev 2016-06-22 12:09:24 UTC
The stable channel has been updated to 51.0.2704.103 for Windows, Mac, and Linux.

This update includes 3 security fixes. As usual, our ongoing internal security work was responsible for a wide range of fixes:

CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives.


Including older CVE's for a missed release...
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2016-06-22 12:10:33 UTC
CVE-2016-1703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1703):
  Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2016-1702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1702):
  The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used
  in Google Chrome before 51.0.2704.79, does not validate the interval count,
  which allows remote attackers to cause a denial of service (out-of-bounds
  read) via crafted serialized data.

CVE-2016-1701 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1701):
  The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles
  the interaction between field updates and JavaScript code that triggers a
  frame deletion, which allows remote attackers to cause a denial of service
  (use-after-free) or possibly have unspecified other impact via a crafted web
  site, a different vulnerability than CVE-2016-1690.

CVE-2016-1700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1700):
  extensions/renderer/runtime_custom_bindings.cc in Google Chrome before
  51.0.2704.79 does not consider side effects during creation of an array of
  extension views, which allows remote attackers to cause a denial of service
  (use-after-free) or possibly have unspecified other impact via vectors
  related to extensions.

CVE-2016-1699 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1699):
  WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka
  DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79,
  does not ensure that the remoteFrontendUrl parameter is associated with a
  chrome-devtools-frontend.appspot.com URL, which allows remote attackers to
  bypass intended access restrictions via a crafted URL.

CVE-2016-1698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1698):
  The createCustomType function in extensions/renderer/resources/binding.js in
  the extension bindings in Google Chrome before 51.0.2704.79 does not
  validate module types, which might allow attackers to load arbitrary modules
  or obtain sensitive information by leveraging a poisoned definition.

CVE-2016-1697 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1697):
  The FrameLoader::startLoad function in
  WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome
  before 51.0.2704.79, does not prevent frame navigations during
  DocumentLoader detach operations, which allows remote attackers to bypass
  the Same Origin Policy via crafted JavaScript code.
Comment 2 Mike Gilbert gentoo-dev 2016-06-23 01:32:35 UTC
51.0.2704.103 has been added to the gentoo repo and may be stabilized.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2016-06-23 03:07:14 UTC
Arches, please test and mark stable:

=www-client/chromium-51.0.2704.103

Target Keywords : "amd64 x86"

Thank you!
Comment 4 Richard Freeman gentoo-dev 2016-06-23 18:37:34 UTC
amd64 stable
Comment 5 Steven Davies 2016-06-25 19:16:19 UTC
It appears google-chrome-stable_51.0.2704.103-1_amd64.deb has been removed from the repository and replaced with google-chrome-stable_51.0.2704.106-1_amd64.deb.

>>> Downloading 'https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_51.0.2704.103-1_amd64.deb'
--2016-06-25 16:25:54--  https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_51.0.2704.103-1_amd64.deb
Resolving dl.google.com... 2a00:1450:4009:811::200e, 216.58.213.174
Connecting to dl.google.com|2a00:1450:4009:811::200e|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-06-25 16:25:54 ERROR 404: Not Found.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-06-25 23:53:14 UTC
(In reply to Steven Davies from comment #5)
> It appears google-chrome-stable_51.0.2704.103-1_amd64.deb has been removed
> from the repository and replaced with
> google-chrome-stable_51.0.2704.106-1_amd64.deb.
> 
> >>> Downloading 'https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_51.0.2704.103-1_amd64.deb'
> --2016-06-25 16:25:54-- 
> https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/
> google-chrome-stable_51.0.2704.103-1_amd64.deb
> Resolving dl.google.com... 2a00:1450:4009:811::200e, 216.58.213.174
> Connecting to dl.google.com|2a00:1450:4009:811::200e|:443... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2016-06-25 16:25:54 ERROR 404: Not Found.

The package should be mirrored on Gentoo mirrors.  If this is still not working, please open another non-security bug.  Thank you.
Comment 7 Mike Gilbert gentoo-dev 2016-06-26 00:46:41 UTC
(In reply to Steven Davies from comment #5)

Chromium and google-chrome are separate packages; please do not hijack chromium bug reports to report fetch issues with google-chrome.
Comment 8 Agostino Sarubbo gentoo-dev 2016-06-27 08:52:35 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2016-06-27 10:08:30 UTC
GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-07-16 13:24:58 UTC
This issue was resolved and addressed in
 GLSA 201607-07 at https://security.gentoo.org/glsa/201607-07
by GLSA coordinator Aaron Bauman (b-man).
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-07-16 13:25:56 UTC
@maintainer(s), reopening for cleanup.  Please clean vulnerable versions.