Bug 15702

Summary: chromium-browser-stable new security issues fixed in 42.0.2311.90
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: cjw, shlomif, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/640604/
Whiteboard: MGA4-64-OK has_procedure MGA4-32-OK advisory
Source RPM: chromium-browser-stable-41.0.2272.118-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-04-15 15:03:46 CEST 
Upstream has released version 42.0.2311.90 on April 14:
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:
David Walser 2015-04-15 15:03:52 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-04-16 16:56:39 CEST 
RedHat has issued an advisory for this today (April 16):
https://rhn.redhat.com/errata/RHSA-2015-0816.html

URL: (none) => http://lwn.net/Vulnerabilities/640604/

Comment 2 Christiaan Welvaart 2015-04-19 23:20:54 CEST 
Updated packages are ready for testing:

MGA4
Source RPM:
chromium-browser-stable-42.0.2311.90-1.mga4.src.rpm

Binary RPMS:
chromium-browser-stable-42.0.2311.90-1.mga4.i586.rpm
chromium-browser-42.0.2311.90-1.mga4.i586.rpm
chromium-browser-stable-42.0.2311.90-1.mga4.x86_64.rpm
chromium-browser-42.0.2311.90-1.mga4.x86_64.rpm


Proposed advisory:


Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser (CVE-2015-1235), a cross-origin-bypass in Blink (CVE-2015-1236), a use-after-free in IPC (CVE-2015-1237), an out-of-bounds write in Skia (CVE-2015-1238), an out-of-bounds read in WebGL (CVE-2015-1240), Tap-Jacking (CVE-2015-1241), type confusion in V8 (CVE-2015-1242), HSTS bypass in WebSockets (CVE-2015-1244), a use-after-free in PDFium (CVE-2015-1245), an out-of-bounds read in Blink (CVE-2015-1246), scheme issues in OpenSearch, (CVE-2015-1247), and a SafeBrowsing bypass (CVE-2015-1248).



References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

Version: Cauldron => 4
Assignee: cjw => qa-bugs

Christiaan Welvaart 2015-04-19 23:21:22 CEST

CC: (none) => cjw

David Walser 2015-04-20 01:46:24 CEST

Whiteboard: MGA5TOO, MGA4TOO => (none)

Comment 3 Shlomi Fish 2015-04-20 11:26:36 CEST 
chromium-browser-stable runs fine on an MGA4 x86-64 VM: google, duckduckgo, wikipedia , html5games.com , YouTube and Jamendo all run fine. Putting MGA4-64-OK

CC: (none) => shlomif
Whiteboard: (none) => MGA4-64-OK has_procedure

Comment 4 Shlomi Fish 2015-04-20 11:43:12 CEST 
(In reply to Shlomi Fish from comment #3)
> chromium-browser-stable runs fine on an MGA4 x86-64 VM: google, duckduckgo,
> wikipedia , html5games.com , YouTube and Jamendo all run fine. Putting
> MGA4-64-OK

It also runs fine on MGA4-32-OK .

Whiteboard: MGA4-64-OK has_procedure => MGA4-64-OK has_procedure MGA4-32-OK

Comment 5 claire robinson 2015-04-22 17:31:51 CEST 
David, do you want to flesh out the advisory?
Comment 6 David Walser 2015-04-22 17:47:31 CEST 
Not really, but it is missing CVE-2015-1249, so that needs to be added.

OpenSuSE has issued an advisory for this today (April 22):
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

I noticed that they have some additional CVEs listed, CVE-2015-333[3-6].  I'm not sure where they got those from.

Christiaan, can you update the advisory?
Comment 7 Christiaan Welvaart 2015-04-22 18:03:09 CEST 
Oops, here's an updated advisory. To add the other suse CVEs I'd have to check sources but no time for that now (NaCl doesn't apply AFAIK).


Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser (CVE-2015-1235), a cross-origin-bypass in Blink (CVE-2015-1236), a use-after-free in IPC (CVE-2015-1237), an out-of-bounds write in Skia (CVE-2015-1238), an out-of-bounds read in WebGL (CVE-2015-1240), Tap-Jacking (CVE-2015-1241), type confusion in V8 (CVE-2015-1242), HSTS bypass in WebSockets (CVE-2015-1244), a use-after-free in PDFium (CVE-2015-1245), an out-of-bounds read in Blink (CVE-2015-1246), scheme issues in OpenSearch, (CVE-2015-1247), and a SafeBrowsing bypass (CVE-2015-1248). Also included are various fixes from internal audits, fuzzing and other initiatives (CVE-2015-1249), and multiple vulnerabilities in V8 have been fixed at the tip of the 4.2 branch (currently 4.2.77.14) (CVE-2015-3333).



References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3333
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
Comment 8 David Walser 2015-04-22 19:31:46 CEST 
LWN reference for CVE-2015-233[3-6]:
http://lwn.net/Vulnerabilities/641428/
Comment 9 claire robinson 2015-04-23 22:19:49 CEST 
Validating. Advisory from comment 7 uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK has_procedure MGA4-32-OK => MGA4-64-OK has_procedure MGA4-32-OK advisory
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2015-04-23 23:15:10 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0164.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED