Bugzilla – Bug 939077
VUL-0: chromium: Chrome 44.0.2403.89 with various security fixes
Last modified: 2020-06-08 11:06:11 UTC
http://googlechromereleases.blogspot.de/2015/07/stable-channel-update_21.html

Security issues fixed:

CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.
CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
CVE-2015-1286: UXSS in blink. Credit to anonymous.
CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.
CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1245436
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271

This is an autogenerated message for OBS integration:
This bug (939077) was mentioned in
https://build.opensuse.org/request/show/317946 13.2 / chromium
https://build.opensuse.org/request/show/317947 13.1 / chromium

Update is running, including SLE 12 backport
Also fixed in 44.0.2403.89: CVE-2015-5605: The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
releasing

openSUSE-SU-2015:1287-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 939077
CVE References: CVE-2015-1270,CVE-2015-1271,CVE-2015-1272,CVE-2015-1273,CVE-2015-1274,CVE-2015-1275,CVE-2015-1276,CVE-2015-1277,CVE-2015-1278,CVE-2015-1279,CVE-2015-1280,CVE-2015-1281,CVE-2015-1282,CVE-2015-1283,CVE-2015-1284,CVE-2015-1285,CVE-2015-1286,CVE-2015-1287,CVE-2015-1288,CVE-2015-1289,CVE-2015-5605
Sources used:
openSUSE 13.2 (src): chromium-44.0.2403.89-38.1
openSUSE 13.1 (src): chromium-44.0.2403.89-93.1