ID

VAR-201607-0235


CVE

CVE-2016-5131


TITLE

Google Chrome Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201607-919

DESCRIPTION

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. A use-after-free vulnerability exists in libxml2 2.9.4 and earlier versions used in Google Chrome versions earlier than 52.0.2743.82. CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing. CVE-2016-1706 Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox. CVE-2016-1709 ChenQin discovered a buffer overflow issue in the sfntly library. CVE-2016-5128 A same-origin bypass issue was discovered in the v8 javascript library. CVE-2016-5132 Ben Kelly discovered a same-origin bypass. CVE-2016-5137 Xiaoyin Liu discovered a way to discover whether an HSTS web site had been visited. For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.82-1~deb8u1. For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 52.0.2743.82-1. We recommend that you upgrade your chromium-browser packages. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. ========================================================================= Ubuntu Security Notice USN-3041-1 August 05, 2016 oxide-qt vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine for Qt (QML plugin) Details: Multiple security issues were discovered in Chromium.
If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706) It was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710) It was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1711) A use-after-free was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127) It was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128) A memory corruption was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129) A security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5130) A use-after-free was discovered in libxml. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code.
(CVE-2016-5131) The Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132) It was discovered that Chromium mishandles origin information during proxy authentication. A man-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt. (CVE-2016-5133) It was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134) It was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135) It was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-5137) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: liboxideqtcore0 1.16.5-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: liboxideqtcore0 1.16.5-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes.
Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2020:1190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1190 Issue date: 2020-03-31 CVE Names: CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es): * libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131) * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412) * libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035) * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404) * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258) * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1277146 - CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression 1358641 - CVE-2016-5131 libxml2: Use after free triggered by XPointer paths beginning with range-to 1523128 - CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c 1566749 - CVE-2017-18258 libxml2: Unrestricted memory usage in xz_head() function in xzlib.c 1595985 - CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c 1619875 - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression 6. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: libxml2-2.9.1-6.el7.4.src.rpm ppc64: libxml2-2.9.1-6.el7.4.ppc.rpm libxml2-2.9.1-6.el7.4.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64.rpm libxml2-devel-2.9.1-6.el7.4.ppc.rpm libxml2-devel-2.9.1-6.el7.4.ppc64.rpm libxml2-python-2.9.1-6.el7.4.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7.4.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64le.rpm libxml2-devel-2.9.1-6.el7.4.ppc64le.rpm libxml2-python-2.9.1-6.el7.4.ppc64le.rpm s390x: libxml2-2.9.1-6.el7.4.s390.rpm libxml2-2.9.1-6.el7.4.s390x.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390x.rpm libxml2-devel-2.9.1-6.el7.4.s390.rpm libxml2-devel-2.9.1-6.el7.4.s390x.rpm libxml2-python-2.9.1-6.el7.4.s390x.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7.4.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.4.ppc64.rpm libxml2-static-2.9.1-6.el7.4.ppc.rpm libxml2-static-2.9.1-6.el7.4.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7.4.ppc64le.rpm libxml2-static-2.9.1-6.el7.4.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7.4.s390.rpm libxml2-debuginfo-2.9.1-6.el7.4.s390x.rpm libxml2-static-2.9.1-6.el7.4.s390.rpm libxml2-static-2.9.1-6.el7.4.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: libxml2-2.9.1-6.el7.4.src.rpm x86_64: libxml2-2.9.1-6.el7.4.i686.rpm libxml2-2.9.1-6.el7.4.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-devel-2.9.1-6.el7.4.i686.rpm libxml2-devel-2.9.1-6.el7.4.x86_64.rpm libxml2-python-2.9.1-6.el7.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm libxml2-static-2.9.1-6.el7.4.i686.rpm libxml2-static-2.9.1-6.el7.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8035 https://access.redhat.com/security/cve/CVE-2016-5131 https://access.redhat.com/security/cve/CVE-2017-15412 https://access.redhat.com/security/cve/CVE-2017-18258 https://access.redhat.com/security/cve/CVE-2018-14404 https://access.redhat.com/security/cve/CVE-2018-14567 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. 
(CVE-2016-4448) It was discovered that libxml2 incorrectly handled certain malformed documents. APPLE-SA-2016-09-20-5 watchOS 3 The watchOS 3 advisory has been updated to include additional entries as noted below. Audio Available for: All Apple Watch models Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: All Apple Watch models Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 GeoServices Available for: All Apple Watch models Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt) IOAcceleratorFamily Available for: All Apple Watch models Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: An anonymous researcher Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. 
CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: All Apple Watch models Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. 
CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4737: Apple Entry added September 20, 2016 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Gentoo Linux Security Advisory GLSA 201610-09 https://security.gentoo.org/ Severity: Normal Title: Chromium: Multiple vulnerabilities Date: October 29, 2016 Bugs: #589278, #590420, #592630, #593708, #595614, #597016 ID: 201610-09 Synopsis ======== Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time.
Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-54.0.2840.59" References ========== [ 1 ] CVE-2016-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127 [ 2 ] CVE-2016-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128 [ 3 ] CVE-2016-5129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129 [ 4 ] CVE-2016-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130 [ 5 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 [ 6 ] CVE-2016-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132 [ 7 ] CVE-2016-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133 [ 8 ] CVE-2016-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134 [ 9 ] CVE-2016-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135 [ 10 ] CVE-2016-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136 [ 11 ] CVE-2016-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137 [ 12 ] CVE-2016-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138 [ 13 ] CVE-2016-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139 [ 14 ] CVE-2016-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140 [ 15 ] CVE-2016-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141 [ 16 ] CVE-2016-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142 [ 17 ] CVE-2016-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143 [ 18 ] CVE-2016-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144 [ 19 ] CVE-2016-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145 [ 20 ] CVE-2016-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146 [ 21 ] CVE-2016-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147 [ 22 ] CVE-2016-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148 [ 23 ] CVE-2016-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149 [ 24 ] CVE-2016-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150 [ 25 ] CVE-2016-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151 [ 26 ] CVE-2016-5152 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152 [ 27 ] CVE-2016-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153 [ 28 ] CVE-2016-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154 [ 29 ] CVE-2016-5155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155 [ 30 ] CVE-2016-5156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156 [ 31 ] CVE-2016-5157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157 [ 32 ] CVE-2016-5158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158 [ 33 ] CVE-2016-5159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159 [ 34 ] CVE-2016-5160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160 [ 35 ] CVE-2016-5161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161 [ 36 ] CVE-2016-5162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162 [ 37 ] CVE-2016-5163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163 [ 38 ] CVE-2016-5164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164 [ 39 ] CVE-2016-5165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165 [ 40 ] CVE-2016-5166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166 [ 41 ] CVE-2016-5167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167 [ 42 ] CVE-2016-5170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170 [ 43 ] CVE-2016-5171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171 [ 44 ] CVE-2016-5172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172 [ 45 ] CVE-2016-5173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173 [ 46 ] CVE-2016-5174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174 [ 47 ] CVE-2016-5175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175 [ 48 ] CVE-2016-5177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177 [ 49 ] CVE-2016-5178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178 [ 50 ] CVE-2016-5181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181 [ 51 ] CVE-2016-5182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182 [ 52 ] CVE-2016-5183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183 [ 53 ] CVE-2016-5184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184 [ 54 ] CVE-2016-5185 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185 [ 55 ] CVE-2016-5186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186 [ 56 ] CVE-2016-5187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187 [ 57 ] CVE-2016-5188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188 [ 58 ] CVE-2016-5189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189 [ 59 ] CVE-2016-5190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190 [ 60 ] CVE-2016-5191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191 [ 61 ] CVE-2016-5192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192 [ 62 ] CVE-2016-5193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193 [ 63 ] CVE-2016-5194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201610-09 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 1.8

sources: NVD: CVE-2016-5131 // VULHUB: VHN-93950 // VULMON: CVE-2016-5131 // PACKETSTORM: 138122 // PACKETSTORM: 140533 // PACKETSTORM: 138182 // PACKETSTORM: 157021 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 139376 // PACKETSTORM: 140266

AFFECTED PRODUCTS

vendor: redhat
model: enterprise linux desktop
scope: eq
version: 6.0

Trust: 1.0

vendor: canonical
model: ubuntu linux
scope: eq
version: 14.04

Trust: 1.0

vendor: redhat
model: enterprise linux server
scope: eq
version: 6.0

Trust: 1.0

vendor: redhat
model: enterprise linux workstation
scope: eq
version: 6.0

Trust: 1.0

vendor: xmlsoft
model: libxml2
scope: lte
version: 2.9.4

Trust: 1.0

vendor: opensuse
model: opensuse
scope: eq
version: 13.2

Trust: 1.0

vendor: suse
model: linux enterprise
scope: eq
version: 12.0

Trust: 1.0

vendor: apple
model: watchos
scope: lt
version: 3.0

Trust: 1.0

vendor: apple
model: tvos
scope: lt
version: 10.0

Trust: 1.0

vendor: apple
model: mac os x
scope: lt
version: 10.12

Trust: 1.0

vendor: opensuse
model: opensuse
scope: eq
version: 13.1

Trust: 1.0

vendor: debian
model: linux
scope: eq
version: 8.0

Trust: 1.0

vendor: apple
model: iphone os
scope: lt
version: 10.0

Trust: 1.0

vendor: opensuse
model: leap
scope: eq
version: 42.1

Trust: 1.0

vendor: debian
model: linux
scope: eq
version: 9.0

Trust: 1.0

vendor: google
model: chrome
scope: lt
version: 52.0.2743.82

Trust: 1.0

vendor: canonical
model: ubuntu linux
scope: eq
version: 16.04

Trust: 1.0

vendor: apple
model: tv
scope: eq
version: 9.2.2

Trust: 0.6

vendor: apple
model: watch os
scope: eq
version: 2.2.2

Trust: 0.6

vendor: apple
model: mac os x
scope: eq
version: 10.11.6

Trust: 0.6

vendor: apple
model: iphone os
scope: eq
version: 9.3.5

Trust: 0.6

sources: CNNVD: CNNVD-201607-919 // NVD: CVE-2016-5131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5131
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201607-919
value: HIGH

Trust: 0.6

VULHUB: VHN-93950
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-5131
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5131
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-93950
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5131
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-93950 // VULMON: CVE-2016-5131 // CNNVD: CNNVD-201607-919 // NVD: CVE-2016-5131

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

sources: VULHUB: VHN-93950 // NVD: CVE-2016-5131

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 138182 // PACKETSTORM: 139376 // PACKETSTORM: 140266 // CNNVD: CNNVD-201607-919

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201607-919

PATCH

title: Google Chrome libxml2 Remediation measures for reusing vulnerabilities after release
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=63279

Trust: 0.6

title: Red Hat: Moderate: libxml2 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201190 - Security Advisory

Trust: 0.1

title: IBM: Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=eafa647f9fc3bb9f8229531c9119b24a

Trust: 0.1

title: Debian CVElist Bug Report Logs: libxml2: CVE-2016-4658
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=875827e87aed79825801cf0c7dbfb4a3

Trust: 0.1

title: Ubuntu Security Notice: libxml2 vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3235-1

Trust: 0.1

title: Debian CVElist Bug Report Logs: libxml2: CVE-2016-5131
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9f32dd31cb36cd4b73309a01754e5056

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-5131

Trust: 0.1

title:Arch Linux Advisories: [ASA-201611-2] libxml2: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-2

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1466url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1466

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1415url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1415

Trust: 0.1

title:Ubuntu Security Notice: oxide-qt vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3041-1

Trust: 0.1

title:Debian Security Advisories: DSA-3637-1 chromium-browser -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=eefbda06bd525a710a6c341dda9680c9

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182486 - Security Advisory

Trust: 0.1

title:Android Security Bulletins: Android Security Bulletin—June 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=f9fbdf3aea1fd17035e18f77d6530ab1

Trust: 0.1

title:Android Security Bulletins: Android Security Bulletin—May 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=473019536b98d5c3b462c97d8bdb8384

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:aws_inspector_parserurl:https://github.com/0xfabiof/aws_inspector_parser

Trust: 0.1

title:afl-cveurl:https://github.com/mrash/afl-cve

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

title:Threatposturl:https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/google/google-chrome-52-0-2743-82-released-with-48-security-fixes/

Trust: 0.1

sources: VULMON: CVE-2016-5131 // CNNVD: CNNVD-201607-919

EXTERNAL IDS

db: NVD, id: CVE-2016-5131

Trust: 2.6

db: SECTRACK, id: 1038623

Trust: 1.8

db: SECTRACK, id: 1036428

Trust: 1.8

db: BID, id: 92053

Trust: 1.8

db: CNNVD, id: CNNVD-201607-919

Trust: 0.7

db: AUSCERT, id: ESB-2020.2200

Trust: 0.6

db: AUSCERT, id: ESB-2023.3732

Trust: 0.6

db: VULHUB, id: VHN-93950

Trust: 0.1

db: VULMON, id: CVE-2016-5131

Trust: 0.1

db: PACKETSTORM, id: 138122

Trust: 0.1

db: PACKETSTORM, id: 140533

Trust: 0.1

db: PACKETSTORM, id: 138182

Trust: 0.1

db: PACKETSTORM, id: 157021

Trust: 0.1

db: PACKETSTORM, id: 141667

Trust: 0.1

db: PACKETSTORM, id: 138795

Trust: 0.1

db: PACKETSTORM, id: 139376

Trust: 0.1

db: PACKETSTORM, id: 140266

Trust: 0.1

sources: VULHUB: VHN-93950 // VULMON: CVE-2016-5131 // PACKETSTORM: 138122 // PACKETSTORM: 140533 // PACKETSTORM: 138182 // PACKETSTORM: 157021 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 139376 // PACKETSTORM: 140266 // CNNVD: CNNVD-201607-919 // NVD: CVE-2016-5131

REFERENCES

url:https://security.gentoo.org/glsa/201610-09

Trust: 1.9

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-3041-1

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00010.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00011.html

Trust: 1.8

url:http://www.securityfocus.com/bid/92053

Trust: 1.8

url:http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1358641

Trust: 1.8

url:https://codereview.chromium.org/2127493002

Trust: 1.8

url:https://crbug.com/623378

Trust: 1.8

url:https://source.android.com/security/bulletin/2017-05-01

Trust: 1.8

url:https://support.apple.com/ht207141

Trust: 1.8

url:https://support.apple.com/ht207142

Trust: 1.8

url:https://support.apple.com/ht207143

Trust: 1.8

url:https://support.apple.com/ht207170

Trust: 1.8

url:http://www.debian.org/security/2016/dsa-3637

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-1485.html

Trust: 1.8

url:http://www.securitytracker.com/id/1036428

Trust: 1.8

url:http://www.securitytracker.com/id/1038623

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2200/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-5130

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5127

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5133

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5137

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5132

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5129

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5134

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5128

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-5135

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:1190

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1706

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1705

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1710

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-1711

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-5136

Trust: 0.2

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://bugs.gentoo.org

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3235-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=47177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1707

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1709

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/oxide-qt/1.16.5-0ubuntu0.16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/oxide-qt/1.16.5-0ubuntu0.14.04.1

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15412

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15412

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18258

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5131

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-8035

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.9

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3235-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-2ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4708

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4773

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4776

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5153

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5135

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5149

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5186

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5145

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5142

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5172

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5167

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5171

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5161

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5146

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5154

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5144

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5178

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5145

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5192

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5187

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5140

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5150

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5136

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5142

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5165

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5182

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5141

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5154

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5151

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5143

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5149

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5159

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5191

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5148

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5185

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5183

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5160

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5177

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5152

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5184

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5143

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5162

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5173

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5132

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5144

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5127

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5151

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5141

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5163

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5174

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5130

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5188

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5170

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5133

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5155

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5175

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5152

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5193

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5164

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5166

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5138

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5139

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5146

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5137

Trust: 0.1

sources: VULHUB: VHN-93950 // VULMON: CVE-2016-5131 // PACKETSTORM: 138122 // PACKETSTORM: 140533 // PACKETSTORM: 138182 // PACKETSTORM: 157021 // PACKETSTORM: 141667 // PACKETSTORM: 138795 // PACKETSTORM: 139376 // PACKETSTORM: 140266 // CNNVD: CNNVD-201607-919 // NVD: CVE-2016-5131

CREDITS

Debian

Trust: 0.2

sources: PACKETSTORM: 138122 // PACKETSTORM: 140266

SOURCES

db: VULHUB, id: VHN-93950
db: VULMON, id: CVE-2016-5131
db: PACKETSTORM, id: 138122
db: PACKETSTORM, id: 140533
db: PACKETSTORM, id: 138182
db: PACKETSTORM, id: 157021
db: PACKETSTORM, id: 141667
db: PACKETSTORM, id: 138795
db: PACKETSTORM, id: 139376
db: PACKETSTORM, id: 140266
db: CNNVD, id: CNNVD-201607-919
db: NVD, id: CVE-2016-5131

LAST UPDATE DATE

2025-03-26T22:33:47.406000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93950, date: 2019-03-26T00:00:00
db: VULMON, id: CVE-2016-5131, date: 2023-11-07T00:00:00
db: CNNVD, id: CNNVD-201607-919, date: 2023-06-30T00:00:00
db: NVD, id: CVE-2016-5131, date: 2024-11-21T02:53:40.980

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93950, date: 2016-07-23T00:00:00
db: VULMON, id: CVE-2016-5131, date: 2016-07-23T00:00:00
db: PACKETSTORM, id: 138122, date: 2016-08-01T11:11:00
db: PACKETSTORM, id: 140533, date: 2017-01-17T02:26:10
db: PACKETSTORM, id: 138182, date: 2016-08-05T22:47:06
db: PACKETSTORM, id: 157021, date: 2020-04-01T15:13:56
db: PACKETSTORM, id: 141667, date: 2017-03-16T23:37:18
db: PACKETSTORM, id: 138795, date: 2016-09-20T17:02:22
db: PACKETSTORM, id: 139376, date: 2016-10-29T13:13:00
db: PACKETSTORM, id: 140266, date: 2016-12-24T17:05:07
db: CNNVD, id: CNNVD-201607-919, date: 2016-07-26T00:00:00
db: NVD, id: CVE-2016-5131, date: 2016-07-23T19:59:13.767