Bug 19134 - chromium-browser-stable new security issues fixed in 52.0.2743.116
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/696700/
Whiteboard: has_procedure mga5-64-ok advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-08-06 00:21 CEST by David Walser
Modified: 2016-08-09 10:59 CEST

See Also:
Source RPM: chromium-browser-stable-52.0.2743.82-1.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2016-08-06 00:21:52 CEST
Upstream has released version 52.0.2743.116 on August 3:
http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Comment 1 Christiaan Welvaart 2016-08-06 15:50:06 CEST
Packages are available for testing:

MGA5
SRPM:
chromium-browser-stable-52.0.2743.116-1.mga5.src.rpm
RPMS:
chromium-browser-stable-52.0.2743.116-1.mga5.i586.rpm
chromium-browser-52.0.2743.116-1.mga5.i586.rpm
chromium-browser-stable-52.0.2743.116-1.mga5.x86_64.rpm
chromium-browser-52.0.2743.116-1.mga5.x86_64.rpm


Advisory:


Chromium-browser-stable 52.0.2743.116 fixes security issues: two heap overflow issues in pdfium (CVE-2016-5139 and CVE-2016-5140); an address bar spoofing problem (CVE-2016-5141); a use-after-free bug (CVE-2016-5142) and a same origin bypass problem (CVE-2016-5145) in blink; two parameter sanitization failures in DevTools (CVE-2016-5143 and CVE-2016-5144); and various fixes from upstream's internal audits, fuzzing, and other initiatives (CVE-2016-5146).

References:
http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5146

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 2 Bill Wilkinson 2016-08-07 16:42:28 CEST
tested mga5-64

general browsing, jetstream, acid3, youtube video

all OK.

CC: (none) => wrw105
Whiteboard: (none) => has_procedure mga5-64-ok

Dave Hodgins 2016-08-08 11:40:41 CEST

Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok advisory
CC: (none) => davidwhodgins, sysadmin-bugs

David Walser 2016-08-08 22:03:45 CEST

URL: (none) => http://lwn.net/Vulnerabilities/696700/

Comment 3 Mageia Robot 2016-08-09 10:59:27 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0279.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

