[arch-security] [ASA-201503-5] chromium: multiple issues

Thu Mar 5 09:43:56 UTC 2015

Arch Linux Security Advisory ASA-201503-5
=========================================

Severity: Critical
Date    : 2015-03-05
CVE-ID  : CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215
CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220
CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225
CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230
CVE-2015-1231
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 41.0.2272.76-1 is vulnerable to
multiple issues. While the exact impact has not been disclosed by the
vendor, most issues has been classified as having a high or critical impact.

Resolution
==========

Upgrade to 41.0.2272.76-1.

# pacman -Syu "chromium>=41.0.2272.76-1"

The problem has been fixed upstream in version 41.0.2272.76.

Workaround
==========

None.

Description
===========

- CVE-2015-1212:

Out-of-bounds write in media.

- CVE-2015-1213, CVE-2015-1214, CVE-2015-1215:

Out-of-bounds write in skia filters.

- CVE-2015-1216:

Use-after-free in v8 bindings.

- CVE-2015-1217:

Type confusion in v8 bindings.

- CVE-2015-1218:

Use-after-free in dom.

- CVE-2015-1219:

Integer overflow in webgl.

- CVE-2015-1220:

Use-after-free in gif decoder.

- CVE-2015-1221:

Use-after-free in web databases.

- CVE-2015-1222:

Use-after-free in service workers.

- CVE-2015-1223:

Use-after-free in dom.

- CVE-2015-1224:

Out-of-bounds read in vpxdecoder.

- CVE-2015-1225:

Out-of-bounds read in pdfium.

- CVE-2015-1226:

Validation issue in debugger.

- CVE-2015-1227:

Uninitialized value in blink.

- CVE-2015-1228:

Uninitialized value in rendering.

- CVE-2015-1229:

 Cookie injection via proxies.

- CVE-2015-1230:

 Type confusion in v8.

- CVE-2015-1231:

Various fixes from internal audits, fuzzing and other initiatives.

Impact
======

There isn't enough information disclosed by the vendor at this moment.
At least one issue has been classified as critical by the vendor
(https://code.google.com/p/chromium/issues/detail?id=460145), so
arbitrary remote code execution can not be ruled out.

References
==========

http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1212
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1213
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1214
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1215
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1216
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1217
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1218
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1221
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1223
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1224
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1225
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1227
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1228
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1229
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1230
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1231

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150305/613d43af/attachment.asc>