Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 23 Apr 2015Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1235 , CVE-2015-1236 , CVE-2015-1237 , CVE-2015-1238 , CVE-2015-1240 , CVE-2015-1241 , CVE-2015-1242 , CVE-2015-1244 , CVE-2015-1245 , CVE-2015-1246 , CVE-2015-1247 , CVE-2015-1248 , CVE-2015-1249 , CVE-2015-3333
Description
Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser (CVE-2015-1235), a cross-origin-bypass in Blink (CVE-2015-1236), a use-after-free in IPC (CVE-2015-1237), an out-of-bounds write in Skia (CVE-2015-1238), an out-of-bounds read in WebGL (CVE-2015-1240), Tap-Jacking (CVE-2015-1241), type confusion in V8 (CVE-2015-1242), HSTS bypass in WebSockets (CVE-2015-1244), a use-after-free in PDFium (CVE-2015-1245), an out-of-bounds read in Blink (CVE-2015-1246), scheme issues in OpenSearch, (CVE-2015-1247), and a SafeBrowsing bypass (CVE-2015-1248). Also included are various fixes from internal audits, fuzzing and other initiatives (CVE-2015-1249), and multiple vulnerabilities in V8 have been fixed at the tip of the 4.2 branch (currently 4.2.77.14) (CVE-2015-3333).
References
- https://bugs.mageia.org/show_bug.cgi?id=15702
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1236
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1242
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1244
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1245
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1246
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1247
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1248
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1249
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3333
SRPMS
4/core
- chromium-browser-stable-42.0.2311.90-1.mga4