Debian: DSA-3267-1: chromium-browser security update

    Date: 22 May 2015
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3267-1
    http://www.debian.org/security/                           Michael Gilbert
    May 22, 2015                           http://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254
                     CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258
                     CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262
                     CVE-2015-1263 CVE-2015-1264 CVE-2015-1265
    
    Several vulnerabilities were discovered in the chromium web browser.
    
    CVE-2015-1251
    
        SkyLined discovered a use-after-free issue in speech recognition.
    
    CVE-2015-1252
    
        An out-of-bounds write issue was discovered that could be used to
        escape from the sandbox.
    
    CVE-2015-1253
    
        A cross-origin bypass issue was discovered in the DOM parser.
    
    CVE-2015-1254
    
        A cross-origin bypass issue was discovered in the DOM editing feature.
    
    CVE-2015-1255
    
        Khalil Zhani discovered a use-after-free issue in WebAudio.
    
    CVE-2015-1256
    
        Atte Kettunen discovered a use-after-free issue in the SVG
        implementation.
    
    CVE-2015-1257
    
        miaubiz discovered an overflow issue in the SVG implementation.
    
    CVE-2015-1258
    
        cloudfuzzer discovered an invalid size parameter used in the
        libvpx library.
    
    CVE-2015-1259
    
        Atte Kettunen discovered an uninitialized memory issue in the
        pdfium library.
    
    CVE-2015-1260
    
        Khalil Zhani discovered multiple use-after-free issues in chromium's
        interface to the WebRTC library.
    
    CVE-2015-1261
    
        Juho Nurminen discovered a URL bar spoofing issue.
    
    CVE-2015-1262
    
        miaubiz discovered the use of an uninitialized class member in
        font handling.
    
    CVE-2015-1263
    
        Mike Ruddy discovered that downloading the spellcheck dictionary
        was not done over HTTPS.
    
    CVE-2015-1264
    
        K0r3Ph1L discovered a cross-site scripting issue that could be
        triggered by bookmarking a site.
    
    CVE-2015-1265
    
        The chrome 43 development team found and fixed various issues
        during internal auditing.  Also multiple issues were fixed in
        the libv8 library, version 4.3.61.21.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 43.0.2357.65-1~deb8u1.
    
    For the testing distribution (stretch), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 43.0.2357.65-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    