Bug 18444

Summary: chromium-browser-stable new security issues fixed in 50.0.2661.102
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: cjw, lewyssmith, sysadmin-bugs, wrw105
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/687394/
Whiteboard: has_procedure mga5-32-ok mga5-64-ok advisory
Source RPM: chromium-browser-stable-50.0.2661.94-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-05-12 13:46:26 CEST 
Upstream has released version 50.0.2661.102 on May 11:
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Comment 1 Christiaan Welvaart 2016-05-13 12:52:53 CEST 
Updated packages are available for testing:

MGA5
SRPM:
chromium-browser-stable-50.0.2661.102-1.mga5.src.rpm
RPMS:
chromium-browser-stable-50.0.2661.102-1.mga5.i586.rpm
chromium-browser-50.0.2661.102-1.mga5.i586.rpm
chromium-browser-stable-50.0.2661.102-1.mga5.x86_64.rpm
chromium-browser-50.0.2661.102-1.mga5.x86_64.rpm


Proposed advisory:


Chromium-browser-stable 50.0.2661.102 fixes several security issues: same origin bypass vulnerabilities in DOM (CVE-2016-1667) and the Blink V8 bindings (CVE-2016-1668), a buffer overflow in V8 (CVE-2016-1669), and a race condition in the loader (CVE-2016-1670).

References:
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 2 Bill Wilkinson 2016-05-13 17:49:47 CEST 
mga5-64

Tested general browsing, Jetstream for javascript, a YouTube video, acid3, all OK.

CC: (none) => wrw105
Whiteboard: (none) => has_procedure mga5-64-ok

David Walser 2016-05-13 18:22:45 CEST

URL: (none) => http://lwn.net/Vulnerabilities/687394/

Comment 3 David Walser 2016-05-14 04:32:46 CEST 
Working well on Mageia 5 i586 also.

Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok

Lewis Smith 2016-05-17 20:49:17 CEST

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 4 Lewis Smith 2016-05-17 20:59:09 CEST 
The update validated, and advisory uploaded.

Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok advisory

Comment 5 Mageia Robot 2016-05-18 22:15:30 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0183.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED