ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0235
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0235)
Resumen:	The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2015-0235 advisory.
Descripción:	Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2015-0235 advisory. Vulnerability Insight: Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. (CVE-2015-1251) common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. (CVE-2015-1252) core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. (CVE-2015-1253) core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. (CVE-2015-1254) Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. (CVE-2015-1255) Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. (CVE-2015-1256) platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. (CVE-2015-1257) Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. (CVE-2015-1258) PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2015-1259) Multiple use-after-free ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1251 BugTraq ID: 74723 http://www.securityfocus.com/bid/74723 Bugtraq: 20161123 CVE-2015-1251: Chrome blink SpeechÂ-RecognitionÂ-Controller use-after-free details (Google Search) http://www.securityfocus.com/archive/1/539824/100/0/threaded Debian Security Information: DSA-3267 (Google Search) http://www.debian.org/security/2015/dsa-3267 http://seclists.org/fulldisclosure/2016/Nov/136 https://security.gentoo.org/glsa/201506-04 http://blog.skylined.nl/20161123001.html http://zerodayinitiative.com/advisories/ZDI-15-236/ http://www.securitytracker.com/id/1032375 SuSE Security Announcement: openSUSE-SU-2015:0969 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html SuSE Security Announcement: openSUSE-SU-2015:1877 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1252 Common Vulnerability Exposure (CVE) ID: CVE-2015-1253 Common Vulnerability Exposure (CVE) ID: CVE-2015-1254 Common Vulnerability Exposure (CVE) ID: CVE-2015-1255 Common Vulnerability Exposure (CVE) ID: CVE-2015-1256 Common Vulnerability Exposure (CVE) ID: CVE-2015-1257 Common Vulnerability Exposure (CVE) ID: CVE-2015-1258 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1259 Common Vulnerability Exposure (CVE) ID: CVE-2015-1260 Common Vulnerability Exposure (CVE) ID: CVE-2015-1262 Common Vulnerability Exposure (CVE) ID: CVE-2015-1263 Common Vulnerability Exposure (CVE) ID: CVE-2015-1264 Common Vulnerability Exposure (CVE) ID: CVE-2015-1265 BugTraq ID: 74727 http://www.securityfocus.com/bid/74727 https://www.exploit-db.com/exploits/37766/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.