| Summary: | chromium-browser-stable new security issues fixed in 43.0.2357.130 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, davidwhodgins, shlomif, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/649372/ | ||
| Whiteboard: | MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory | ||
| Source RPM: | chromium-browser-stable-43.0.2357.65-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-06-23 22:28:11 CEST
David Walser
2015-06-23 22:28:42 CEST
Whiteboard:
(none) =>
MGA5TOO, MGA4TOO chromium-browser-stable-43.0.2357.130-1.mga6 uploaded for Cauldron. Version:
Cauldron =>
5 RedHat has issued an advisory for this today (June 25): https://rhn.redhat.com/errata/RHSA-2015-1188.html URL:
(none) =>
http://lwn.net/Vulnerabilities/649372/ Updated packages are ready for testing: MGA4 SRPM: chromium-browser-stable-43.0.2357.130-1.mga4.src.rpm RPMS: chromium-browser-stable-43.0.2357.130-1.mga4.i586.rpm chromium-browser-43.0.2357.130-1.mga4.i586.rpm chromium-browser-stable-43.0.2357.130-1.mga4.x86_64.rpm chromium-browser-43.0.2357.130-1.mga4.x86_64.rpm MGA5 SRPM: chromium-browser-stable-43.0.2357.130-1.mga5.src.rpm RPMS: chromium-browser-stable-43.0.2357.130-1.mga5.i586.rpm chromium-browser-43.0.2357.130-1.mga5.i586.rpm chromium-browser-stable-43.0.2357.130-1.mga5.x86_64.rpm chromium-browser-43.0.2357.130-1.mga5.x86_64.rpm Proposed advisory: Chromium-browser 43.0.2357.130 fixes the following security issues: A scheme validation error in WebUI (CVE-2015-1266). Two cross-origin bypass issues in Blink (CVE-2015-1267, CVE-2015-1268). A normalization error in the HSTS/HPKP preload list (CVE-2015-1269). This update also disables the automatic, silent downloading and installation of "external components" like the hotword extension. References: http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 CC:
(none) =>
cjw Tested on an MGA5-i586 VM - everything seems fine. CC:
(none) =>
shlomif Tested on an x86-64 MGA4 VM - everything seems fine in the new chromium. Whiteboard:
MGA4TOO MGA5-32-OK =>
MGA4TOO MGA5-32-OK MGA4-64-OK Add MGA4-32-OK because tested ok on a Mageia 4 i586 VM. Whiteboard:
MGA4TOO MGA5-32-OK MGA4-64-OK =>
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK ing it . Whiteboard:
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK =>
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK Advisory committed to svn. Someone from the sysadmin team please push 16190.adv to updates for Mageia 4 and 5. Keywords:
(none) =>
validated_update Advisory is missing from SVN. Whiteboard:
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory =>
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK Sorry, forgot to run the svn add before the svn ci. It's there now. Whiteboard:
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK =>
MGA4TOO MGA5-32-OK MGA4-64-OK MGA4-32-OK MGA5-64-OK advisory An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0265.html Status:
NEW =>
RESOLVED |