| Summary: | chromium-browser-stable new security issues fixed in 45.0.2454.85 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, davidwhodgins, shlomif, sysadmin-bugs, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/656401/ | ||
| Whiteboard: | MGA4TOO advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK | ||
| Source RPM: | chromium-browser-stable-44.0.2403.107-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-09-02 16:42:53 CEST
David Walser
2015-09-02 16:43:02 CEST
Whiteboard:
(none) =>
MGA5TOO, MGA4TOO
David Walser
2015-09-02 22:29:44 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/656401/

chromium-browser-stable-45.0.2454.85-1.mga6 uploaded for Cauldron.

Debian has issued an advisory for this on September 3:
https://www.debian.org/security/2015/dsa-3351

Version:
Cauldron =>
5

Updated packages uploaded for Mageia 4 and Mageia 5.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium (CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294, CVE-2015-1295, CVE-2015-1296, CVE-2015-1297, CVE-2015-1298, CVE-2015-1299, CVE-2015-1300, CVE-2015-1301).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1301
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_28.html
http://googlechromereleases.blogspot.com/2015/08/stable-channel-update.html
http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html
http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_20.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
https://rhn.redhat.com/errata/RHSA-2015-1712.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-45.0.2454.85-1.mga4
chromium-browser-stable-45.0.2454.85-1.mga4
chromium-browser-45.0.2454.85-1.mga5
chromium-browser-stable-45.0.2454.85-1.mga5

from SRPMS:
chromium-browser-45.0.2454.85-1.mga4.src.rpm
chromium-browser-45.0.2454.85-1.mga5.src.rpm

CC:
(none) =>
cjw

I'm going to do MGA5-64 now (and later MGA5-32).

CC:
(none) =>
shlomif

(In reply to Shlomi Fish from comment #3)
> I'm going to do MGA5-64 now (and later MGA5-32).

Tested chromium-browser-stable / chromium-browser on a Mageia 5 x86-64 VirtualBox VM. Everything seems to be working fine except for sound in the YouTube video that I tried (the video displayed fine), but that may be a VBox problem. Marking as MGA5-64-OK. Will do MGA5-32 now.

Whiteboard:
MGA4TOO =>
MGA4TOO MGA5-64-OK

Tested fine on Mageia 4 i586 too.

YouTube is spotty. I haven't seen any with no sound, but have seen some where the video won't play at all. It just depends on the codecs used. I don't have Pepper Flash here and don't have tainted stuff, so it just depends on what HTML5 can run.

Whiteboard:
MGA4TOO MGA5-64-OK =>
MGA4TOO MGA4-32-OK MGA5-64-OK

I've got some bad news: on MGA5-i586 (on a VBox VM), I'm getting this on YouTube videos:

http://www.shlomifish.org/Files/files/images/chromium-browser-in-an-mga5-i586-vm.png

It happens on all YouTube videos that I tried (and I tried 3 including one that worked fine on MGA5-x86-64). What should we do?

(In reply to Shlomi Fish from comment #6)
> I've got some bad news: on MGA5-i586 (on a VBox VM), I'm getting this on
> YouTube videos:
>
> http://www.shlomifish.org/Files/files/images/chromium-browser-in-an-mga5-i586-vm.png
>
> It happens on all YouTube videos that I tried (and I tried 3 including one
> that worked fine on MGA5-x86-64). What should we do?

The same problem is also happening after rebooting the VM.

It's working ok here, both in a Mageia 5 i586 real hardware system, and a Mageia 5 i586 vb guest running on a Mageia 4 x86_64 host.

CC:
(none) =>
davidwhodgins

(In reply to Dave Hodgins from comment #8)
> It's working ok here, both in a Mageia 5 i586 real hardware system, and a
> Mageia 5 i586 vb guest running on a Mageia 4 x86_64 host.

I've now checked it on a fresh install of Mageia 5 i586 from the KDE-LiveCD on a 32-bit VBox VM and can reproduce the same problem there. So it's strange.

Let's remember that this is a security fix, not a catch-all bug for anything and everything that's wrong with the chromium-browser. Especially for problems that have been around for a while. If the basic browser functions are there then let's move this along.

CC:
(none) =>
wilcal.int

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
chromium-browser

default install of chromium-browser

[root@localhost wilcal]# urpmi chromium-browser
Package chromium-browser-44.0.2403.107-1.mga4.x86_64 is already installed

Basic functions of the browser work.

install package from updates_testing

[root@localhost wilcal]# urpmi chromium-browser
Package chromium-browser-45.0.2454.85-1.mga4.x86_64 is already installed

Basic functions of the browser work.

Whiteboard:
MGA4TOO MGA4-32-OK MGA5-64-OK =>
MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-64-OK

In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
chromium-browser

default install of chromium-browser

[root@localhost wilcal]# urpmi chromium-browser
Package chromium-browser-44.0.2403.107-1.mga5.i586 is already installed

Basic functions of the browser work.

install package from updates_testing

[root@localhost wilcal]# urpmi chromium-browser
Package chromium-browser-45.0.2454.85-1.mga5.i586 is already installed

Basic functions of the browser work.
William Kenney
2015-09-06 18:33:47 CEST
Whiteboard:
MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-64-OK =>
MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK

This update works fine.
Testing complete for MGA4 & MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords:
(none) =>
validated_update

Thanks William, you're absolutely right, and this isn't a new issue, as I already explained in Comment 5. It's no different in 45 than it was in 44.

Advisory uploaded.

Whiteboard:
MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK =>
MGA4TOO advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0356.html

Status:
NEW =>
RESOLVED |