Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0042)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.131200

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2016-0042)

Zusammenfassung: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2016-0042 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2016-0042 advisory.

Vulnerability Insight:
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in
Google Chrome before 48.0.2564.82, does not ensure receiver compatibility
before performing a cast of an unspecified variable, which allows remote
attackers to cause a denial of service or possibly have unknown other
impact via crafted JavaScript code. (CVE-2016-1612)

Multiple use-after-free vulnerabilities in the formfiller implementation
in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote
attackers to cause a denial of service or possibly have unspecified other
impact via a crafted PDF document, related to improper tracking of the
destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
(CVE-2016-1613)

The UnacceleratedImageBufferSurface class in
WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in
Blink, as used in Google Chrome before 48.0.2564.82, mishandles the
initialization mode, which allows remote attackers to obtain sensitive
information from process memory via a crafted web site. (CVE-2016-1614)

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows
remote attackers to spoof a document's origin via unspecified vectors.
(CVE-2016-1615)

The CustomButton::AcceleratorPressed function in
ui/views/controls/button/custom_button.cc in Google Chrome before
48.0.2564.82 allows remote attackers to spoof URLs via vectors involving
an unfocused custom button. (CVE-2016-1616)

The CSPSource::schemeMatches function in
WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy
(CSP) implementation in Blink, as used in Google Chrome before
48.0.2564.82, does not apply http policies to https URLs and does not
apply ws policies to wss URLs, which makes it easier for remote attackers
to determine whether a specific HSTS web site has been visited by reading
a CSP report. (CVE-2016-1617)

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that
a proper cryptographicallyRandomValues random number generator is used,
which makes it easier for remote attackers to defeat cryptographic
protection mechanisms via unspecified vectors. (CVE-2016-1618)

Multiple integer overflows in the (1) sycc422_to_rgb and (2)
sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium,
as used in Google Chrome before 48.0.2564.82, allow remote attackers to
cause a denial of service (out-of-bounds read) or possibly have
unspecified other impact via a crafted PDF document. (CVE-2016-1619)

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82
allow attackers to cause a denial of service or possibly have other impact
via unknown vectors. (CVE-2016-1620)

The included V8 version 4.8.271.17 fixes multiple vulnerabilities.

Affected Software/OS:
'chromium-browser-stable' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1612
BugTraq ID: 81431
http://www.securityfocus.com/bid/81431
Debian Security Information: DSA-3456 (Google Search)
http://www.debian.org/security/2016/dsa-3456
https://security.gentoo.org/glsa/201603-09
RedHat Security Advisories: RHSA-2016:0072
http://rhn.redhat.com/errata/RHSA-2016-0072.html
http://www.securitytracker.com/id/1034801
SuSE Security Announcement: openSUSE-SU-2016:0249 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html
SuSE Security Announcement: openSUSE-SU-2016:0250 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html
SuSE Security Announcement: openSUSE-SU-2016:0271 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html
http://www.ubuntu.com/usn/USN-2877-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1613
BugTraq ID: 81430
http://www.securityfocus.com/bid/81430
Common Vulnerability Exposure (CVE) ID: CVE-2016-1614
Common Vulnerability Exposure (CVE) ID: CVE-2016-1615
Common Vulnerability Exposure (CVE) ID: CVE-2016-1616
Common Vulnerability Exposure (CVE) ID: CVE-2016-1617
Common Vulnerability Exposure (CVE) ID: CVE-2016-1618
Common Vulnerability Exposure (CVE) ID: CVE-2016-1619
Common Vulnerability Exposure (CVE) ID: CVE-2016-1620

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.131200
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2016-0042)
Zusammenfassung:	The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2016-0042 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2016-0042 advisory. Vulnerability Insight: The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. (CVE-2016-1612) Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. (CVE-2016-1613) The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. (CVE-2016-1614) The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. (CVE-2016-1615) The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. (CVE-2016-1616) The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-1617) Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (CVE-2016-1618) Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. (CVE-2016-1619) Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1620) The included V8 version 4.8.271.17 fixes multiple vulnerabilities. Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1612 BugTraq ID: 81431 http://www.securityfocus.com/bid/81431 Debian Security Information: DSA-3456 (Google Search) http://www.debian.org/security/2016/dsa-3456 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2016:0072 http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securitytracker.com/id/1034801 SuSE Security Announcement: openSUSE-SU-2016:0249 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html SuSE Security Announcement: openSUSE-SU-2016:0250 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html SuSE Security Announcement: openSUSE-SU-2016:0271 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://www.ubuntu.com/usn/USN-2877-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1613 BugTraq ID: 81430 http://www.securityfocus.com/bid/81430 Common Vulnerability Exposure (CVE) ID: CVE-2016-1614 Common Vulnerability Exposure (CVE) ID: CVE-2016-1615 Common Vulnerability Exposure (CVE) ID: CVE-2016-1616 Common Vulnerability Exposure (CVE) ID: CVE-2016-1617 Common Vulnerability Exposure (CVE) ID: CVE-2016-1618 Common Vulnerability Exposure (CVE) ID: CVE-2016-1619 Common Vulnerability Exposure (CVE) ID: CVE-2016-1620
Copyright	Copyright (C) 2016 Greenbone AG