|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0164 (chromium-browser-stable)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0164: Updated chromium-browser-stable packages fix security vulnerabilities 


Date:
    	      Thu, 23 Apr 2015 23:14:50 +0200


Message-ID:
    	      <20150423211450.69FD05AF4F@valstar.mageia.org>


MGASA-2015-0164 - Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 23 Apr 2015
URL: http://advisories.mageia.org/MGASA-2015-0164.html

Type: security
Affected Mageia releases: 4
CVE: CVE-2015-1235,
     CVE-2015-1236,
     CVE-2015-1237,
     CVE-2015-1238,
     CVE-2015-1240,
     CVE-2015-1241,
     CVE-2015-1242,
     CVE-2015-1244,
     CVE-2015-1245,
     CVE-2015-1246,
     CVE-2015-1247,
     CVE-2015-1248,
     CVE-2015-1249,
     CVE-2015-3333

Description:
Chromium-browser 42.0.2311.90 fixes several security issues, among others a 
cross-origin-bypass in HTML parser (CVE-2015-1235), a cross-origin-bypass 
in Blink (CVE-2015-1236), a use-after-free in IPC (CVE-2015-1237), an 
out-of-bounds write in Skia (CVE-2015-1238), an out-of-bounds read in WebGL 
(CVE-2015-1240), Tap-Jacking (CVE-2015-1241), type confusion in V8 
(CVE-2015-1242), HSTS bypass in WebSockets (CVE-2015-1244), a 
use-after-free in PDFium (CVE-2015-1245), an out-of-bounds read in Blink 
(CVE-2015-1246), scheme issues in OpenSearch, (CVE-2015-1247), and a 
SafeBrowsing bypass (CVE-2015-1248). Also included are various fixes from 
internal audits, fuzzing and other initiatives (CVE-2015-1249), and 
multiple vulnerabilities in V8 have been fixed at the tip of the 4.2 branch 
(currently 4.2.77.14) (CVE-2015-3333).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15702

- http://googlechromereleases.blogspot.com/2015/04/stable-c...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1249

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3333


SRPMS:
- 4/core/chromium-browser-stable-42.0.2311.90-1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds