
Test ID: 1.3.6.1.4.1.25623.1.0.703637
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-3637-1)
Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3637-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1704

The chrome development team found and fixed various issues during internal auditing.

CVE-2016-1705

The chrome development team found and fixed various issues during internal auditing.

CVE-2016-1706

Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.

CVE-2016-1707

xisigr discovered a URL spoofing issue.

CVE-2016-1708

Adam Varsan discovered a use-after-free issue.

CVE-2016-1709

ChenQin discovered a buffer overflow issue in the sfntly library.

CVE-2016-1710

Mariusz Mlynski discovered a same-origin bypass.

CVE-2016-1711

Mariusz Mlynski discovered another same-origin bypass.

CVE-2016-5127

cloudfuzzer discovered a use-after-free issue.

CVE-2016-5128

A same-origin bypass issue was discovered in the v8 javascript library.

CVE-2016-5129

Jeonghoon Shin discovered a memory corruption issue in the v8 javascript library.

CVE-2016-5130

Widih Matar discovered a URL spoofing issue.

CVE-2016-5131

Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.

CVE-2016-5132

Ben Kelly discovered a same-origin bypass.

CVE-2016-5133

Patch Eudor discovered an issue in proxy authentication.

CVE-2016-5134

Paul Stone discovered an information leak in the Proxy Auto-Config feature.

CVE-2016-5135

ShenYeYinJiu discovered a way to bypass the Content Security Policy.

CVE-2016-5136

Rob Wu discovered a use-after-free issue.

CVE-2016-5137

Xiaoyin Liu discovered a way to discover whether an HSTS web site had been visited.

For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.82-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 52.0.2743.82-1.

We recommend that you upgrade your chromium-browser packages.

Affected Software/OS:
'chromium-browser' package(s) on Debian 8.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-1704
Debian Security Information: DSA-3637
http://www.debian.org/security/2016/dsa-3637
RedHat Security Advisories: RHSA-2016:1262
https://access.redhat.com/errata/RHSA-2016:1262
SuSE Security Announcement: openSUSE-SU-2016:1623
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html
SuSE Security Announcement: openSUSE-SU-2016:1624
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:1626
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html
SuSE Security Announcement: openSUSE-SU-2016:1655
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
http://www.ubuntu.com/usn/USN-3015-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1705
BugTraq ID: 92053
http://www.securityfocus.com/bid/92053
RedHat Security Advisories: RHSA-2016:1485
http://rhn.redhat.com/errata/RHSA-2016-1485.html
http://www.securitytracker.com/id/1036428
SuSE Security Announcement: openSUSE-SU-2016:1865
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
SuSE Security Announcement: openSUSE-SU-2016:1868
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
SuSE Security Announcement: openSUSE-SU-2016:1869
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
SuSE Security Announcement: openSUSE-SU-2016:1918
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
http://www.ubuntu.com/usn/USN-3041-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1706
Common Vulnerability Exposure (CVE) ID: CVE-2016-1707
Common Vulnerability Exposure (CVE) ID: CVE-2016-1708
Common Vulnerability Exposure (CVE) ID: CVE-2016-1709
Common Vulnerability Exposure (CVE) ID: CVE-2016-1710
Common Vulnerability Exposure (CVE) ID: CVE-2016-1711
Common Vulnerability Exposure (CVE) ID: CVE-2016-5127
https://security.gentoo.org/glsa/201610-09
Common Vulnerability Exposure (CVE) ID: CVE-2016-5128
Common Vulnerability Exposure (CVE) ID: CVE-2016-5129
http://www.securitytracker.com/id/1038201
Common Vulnerability Exposure (CVE) ID: CVE-2016-5130
Common Vulnerability Exposure (CVE) ID: CVE-2016-5131
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
https://security.gentoo.org/glsa/201701-37
http://www.securitytracker.com/id/1038623
Common Vulnerability Exposure (CVE) ID: CVE-2016-5132
Common Vulnerability Exposure (CVE) ID: CVE-2016-5133
Common Vulnerability Exposure (CVE) ID: CVE-2016-5134
CERT/CC vulnerability note: VU#877625
https://www.kb.cert.org/vuls/id/877625
Common Vulnerability Exposure (CVE) ID: CVE-2016-5135
Common Vulnerability Exposure (CVE) ID: CVE-2016-5136
Common Vulnerability Exposure (CVE) ID: CVE-2016-5137
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.