Arch Linux Security Advisory ASA-201504-30
==========================================

Severity: High
Date    : 2015-04-29
CVE-ID  : CVE-2015-1243 CVE-2015-1250
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 42.0.2311.135-1 is vulnerable to
multiple issues, including but not limited to a use-after-free.

Resolution
==========

Upgrade to 42.0.2311.135-1.

# pacman -Syu "chromium>=42.0.2311.135-1"

The problem has been fixed upstream in version 42.0.2311.135.

Workaround
==========

None.

Description
===========

- CVE-2015-1243 (use-after-free):

Use-after-free in DOM. Credit to Saif El-Sherei.

- CVE-2015-1250:

Various fixes from internal audits, fuzzing and other initiatives.

Impact
======

Google has not disclosed any information regarding the issues fixed in
this release. Four of them (CVE-2015-1243 and three more covered by
CVE-2015-1250) are classified as "high", while the remaining issue
covered by CVE-2015-1250 is classified as medium.

References
==========

https://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1243
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1250