Bug 18546 - chromium-browser-stable new security issues fixed in 51.0.2704.63
Summary: chromium-browser-stable new security issues fixed in 51.0.2704.63
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/689242/
Whiteboard: advisory MGA5-32-OK MGA5-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-05-26 13:41 CEST by David Walser
Modified: 2016-06-02 23:41 CEST (History)
3 users (show)

See Also:
Source RPM: chromium-browser-stable-50.0.2661.102-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-05-26 13:41:26 CEST 
Upstream has released version 51.0.2704.63 on May 25:
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Comment 1 Christiaan Welvaart 2016-05-28 11:48:43 CEST 
Packages are available for testing:

MGA5
SRPM:
chromium-browser-stable-51.0.2704.63-1.mga5.src.rpm
RPMS:
chromium-browser-stable-51.0.2704.63-1.mga5.i586.rpm
chromium-browser-51.0.2704.63-1.mga5.i586.rpm
chromium-browser-stable-51.0.2704.63-1.mga5.x86_64.rpm
chromium-browser-51.0.2704.63-1.mga5.x86_64.rpm



Proposed advisory:


Chromium-browser-stable 51.0.2704.63 fixes security issues:

cross-origin bypass problems in extensions bindings (CVE-2016-1672 and CVE-2016-1676), blink (CVE-2016-1673 and CVE-2016-1675), and extensions (CVE-2016-1674)

heap use-after free bugs in V8 bindings (CVE-2016-1679), Skia (CVE-2016-1680), and Autofill (CVE-2016-1690)

heap buffer overflows in V8 (CVE-2016-1678), PDFium (CVE-2016-1681), media (CVE-2016-1689), and Skia (CVE-2016-1691)

out-of-bounds read errors in PDFium (CVE-2016-1685 and CVE-2016-1686) and V8 (CVE-2016-1688)

type confusion in V8 (CVE-2016-1677), a CSP bypass for ServiceWorker (CVE-2016-1682), an information leak in extensions (CVE-2016-1687), a limited cross-origin bypass in ServiceWorker (CVE-2016-1692), and HPKP pins removed on cache clearance (CVE-2016-1694)

various fixes from upstream's internal audits, fuzzing, and other initiatives (CVE-2016-1695)


References:
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 2 David Walser 2016-05-30 17:33:37 CEST 
OpenSuSE has issued an advisory for this on May 28:
https://lists.opensuse.org/opensuse-updates/2016-05/msg00115.html
Comment 3 David Walser 2016-05-30 17:34:34 CEST 
Working fine for me on Mageia 5 x86_64.  It looks a little different now.  I was surprised to see the hamburger changed to a vertical ellipsis.

Whiteboard: (none) => MGA5-64-OK

Comment 4 David Walser 2016-05-31 06:45:38 CEST 
Working fine on Mageia 5 i586 as well.

Whiteboard: MGA5-64-OK => MGA5-32-OK MGA5-64-OK

Comment 5 Lewis Smith 2016-05-31 10:37:16 CEST 
(In reply to David Walser from comment #3)
> Working fine for me on Mageia 5 x86_64.  It looks a little different now.  I
> was surprised to see the hamburger changed to a vertical ellipsis.
(In reply to David Walser from comment #4)
> Working fine on Mageia 5 i586 as well.
Sterling work yet again, thanks for doing it so speedily. Validating.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

David Walser 2016-06-01 13:16:03 CEST

URL: (none) => http://lwn.net/Vulnerabilities/689242/

Comment 6 David Walser 2016-06-02 13:49:01 CEST 
Hopefully we can get this pushed ASAP, as there's another Chrome update as of yesterday, so we're going to get another build of this soon.
Comment 7 claire robinson 2016-06-02 22:39:18 CEST 
Advisory uploaded.

Whiteboard: MGA5-32-OK MGA5-64-OK => advisory MGA5-32-OK MGA5-64-OK

Comment 8 Mageia Robot 2016-06-02 23:41:08 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0214.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.