16848 – chromium-browser-stable new security issues fixed in 45.0.2454.101

Bug 16848 - chromium-browser-stable new security issues fixed in 45.0.2454.101

Summary: chromium-browser-stable new security issues fixed in 45.0.2454.101

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	i586 Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/658593/
Whiteboard:	has_procedure advisory mga5-32-ok mga...
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2015-09-28 19:45 CEST by David Walser
Modified:	2015-10-03 23:16 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	chromium-browser-45.0.2454.85-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-09-28 19:45:14 CEST

Upstream has released version 45.0.2454.101 on September 24:
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

This fixes two new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2015-09-28 19:46:10 CEST

Bugfix updates since the last security update:
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_15.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-refresh.html

Comment 2 David Walser 2015-09-29 20:57:13 CEST

RedHat has issued an advisory for this today (September 29):
https://rhn.redhat.com/errata/RHSA-2015-1841.html

Comment 3 David Walser 2015-10-01 21:31:15 CEST

Checked into SVN.  Will push later when the build system is usable.

Comment 4 David Walser 2015-10-01 23:13:16 CEST

Updated packages building now for Mageia 5 and Cauldron.

Advisory:
========================

Updated chromium-browser-stable packages fix security vulnerabilities:

Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Chromium to bypass cross origin
restrictions, and access or modify data from an unrelated web site
(CVE-2015-1303, CVE-2015-1304).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1304
http://googlechromereleases.blogspot.com/2015/09/stable-channel-refresh.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_15.html
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html
https://rhn.redhat.com/errata/RHSA-2015-1841.html
========================

Updated packages in core/updates_testing:
========================
chromium-browser-45.0.2454.101-1.mga5
chromium-browser-stable-45.0.2454.101-1.mga5

from chromium-browser-45.0.2454.101-1.mga5.src.rpm

Assignee: cjw => qa-bugs

Comment 5 claire robinson 2015-10-02 23:29:47 CEST

Advisory uploaded.

Whiteboard: (none) => advisory

Comment 6 claire robinson 2015-10-03 13:29:11 CEST

Testing complete mga5 32

Ensured chromium-browser-stable was required by chromium-browser. Tested with general browsing.

Whiteboard: advisory => has_procedure advisory mga5-32-ok

Comment 7 Bill Wilkinson 2015-10-03 15:15:07 CEST

Tested mga5-64.

Jetstream test for JavaScript, acid3 general use, general browsing.  All OK

Validating. Ready to push to updates.

Whiteboard: has_procedure advisory mga5-32-ok => has_procedure advisory mga5-32-ok mga5-64-ok
Keywords: (none) => validated_update
CC: (none) => wrw105, sysadmin-bugs

Comment 8 Mageia Robot 2015-10-03 23:16:10 CEST

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0389.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.