Bug 16848

Summary: chromium-browser-stable new security issues fixed in 45.0.2454.101
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: sysadmin-bugs, wrw105
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/658593/
Whiteboard: has_procedure advisory mga5-32-ok mga5-64-ok
Source RPM: chromium-browser-45.0.2454.85-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-09-28 19:45:14 CEST 
Upstream has released version 45.0.2454.101 on September 24:
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

This fixes two new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:
Comment 2 David Walser 2015-09-29 20:57:13 CEST 
RedHat has issued an advisory for this today (September 29):
https://rhn.redhat.com/errata/RHSA-2015-1841.html
Comment 3 David Walser 2015-10-01 21:31:15 CEST 
Checked into SVN.  Will push later when the build system is usable.
Comment 4 David Walser 2015-10-01 23:13:16 CEST 
Updated packages building now for Mageia 5 and Cauldron.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Chromium to bypass cross origin
restrictions, and access or modify data from an unrelated web site
(CVE-2015-1303, CVE-2015-1304).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1304
http://googlechromereleases.blogspot.com/2015/09/stable-channel-refresh.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_15.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html
https://rhn.redhat.com/errata/RHSA-2015-1841.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-45.0.2454.101-1.mga5
chromium-browser-stable-45.0.2454.101-1.mga5

from chromium-browser-45.0.2454.101-1.mga5.src.rpm

Assignee: cjw => qa-bugs

Comment 5 claire robinson 2015-10-02 23:29:47 CEST 
Advisory uploaded.

Whiteboard: (none) => advisory

Comment 6 claire robinson 2015-10-03 13:29:11 CEST 
Testing complete mga5 32

Ensured chromium-browser-stable was required by chromium-browser. Tested with general browsing.

Whiteboard: advisory => has_procedure advisory mga5-32-ok

Comment 7 Bill Wilkinson 2015-10-03 15:15:07 CEST 
Tested mga5-64.

Jetstream test for JavaScript, acid3 general use, general browsing.  All OK

Validating. Ready to push to updates.

Whiteboard: has_procedure advisory mga5-32-ok => has_procedure advisory mga5-32-ok mga5-64-ok
Keywords: (none) => validated_update
CC: (none) => wrw105, sysadmin-bugs

Comment 8 Mageia Robot 2015-10-03 23:16:10 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0389.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED