959458 – (CVE-2015-6792) VUL-0: CVE-2015-6792 chromium-browser: Fixes from internal audits and fuzzing

Bug 959458 (CVE-2015-6792) - VUL-0: CVE-2015-6792 chromium-browser: Fixes from internal audits and fuzzing

Summary: VUL-0: CVE-2015-6792 chromium-browser: Fixes from internal audits and fuzzing

Status:	RESOLVED FIXED

Alias:	CVE-2015-6792

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/159886/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-12-17 05:26 UTC by Marcus Meissner
Modified:	2016-06-30 14:11 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-12-17 05:26:49 UTC

http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html

 Stable Channel Update
The stable channel has been updated to 47.0.2526.106 for Windows, Mac, and Linux.

Security Fixes

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 2 security fixes as part of our ongoing internal security work:

    [569486] CVE-2015-6792: Fixes from internal audits and fuzzing.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer or Control Flow Integrity.

A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Vivian Zhi
Google Chrome

Comment 1 Swamp Workflow Management 2015-12-17 23:00:13 UTC

bugbot adjusting priority

Comment 2 Andreas Stieger 2015-12-20 15:37:51 UTC

update is running

Comment 3 Bernhard Wiedemann 2015-12-20 16:00:18 UTC

This is an autogenerated message for OBS integration:
This bug (959458) was mentioned in
https://build.opensuse.org/request/show/349885 13.1+Backports:SLE-12+13.2+42.1 / chromium

Comment 4 Andreas Stieger 2015-12-23 10:11:07 UTC

releasing

Comment 5 Swamp Workflow Management 2015-12-23 14:11:09 UTC

openSUSE-SU-2015:2346-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 959458
CVE References: CVE-2015-6792
Sources used:
openSUSE Leap 42.1 (src):    chromium-47.0.2526.106-10.1
openSUSE 13.2 (src):    chromium-47.0.2526.106-64.1
openSUSE 13.1 (src):    chromium-47.0.2526.106-119.1

Comment 6 Swamp Workflow Management 2015-12-23 14:11:22 UTC

openSUSE-SU-2015:2347-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 959458
CVE References: CVE-2015-6792
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-47.0.2526.106-38.1