Debian Local Security Checks : Debian: Security Advisory (DSA-3351-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.703351

Category: Debian Local Security Checks

Title: Debian: Security Advisory (DSA-3351-1)

Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3351-1 advisory.

Description: Summary:
The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3351-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1291

A cross-origin bypass issue was discovered in DOM.

CVE-2015-1292

Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker.

CVE-2015-1293

Mariusz Mlynski discovered a cross-origin bypass issue in DOM.

CVE-2015-1294

cloudfuzzer discovered a use-after-free issue in the Skia graphics library.

CVE-2015-1295

A use-after-free issue was discovered in the printing component.

CVE-2015-1296

zcorpan discovered a character spoofing issue.

CVE-2015-1297

Alexander Kashev discovered a permission scoping error.

CVE-2015-1298

Rob Wu discovered an error validating the URL of extensions.

CVE-2015-1299

taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library.

CVE-2015-1300

cgvwzq discovered an information disclosure issue in the Blink/WebKit library.

CVE-2015-1301

The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29.

For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~
deb8u1.

For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes.

For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1.

We recommend that you upgrade your chromium-browser packages.

Affected Software/OS:
'chromium-browser' package(s) on Debian 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1291
Debian Security Information: DSA-3351 (Google Search)
http://www.debian.org/security/2015/dsa-3351
https://security.gentoo.org/glsa/201603-09
RedHat Security Advisories: RHSA-2015:1712
http://rhn.redhat.com/errata/RHSA-2015-1712.html
http://www.securitytracker.com/id/1033472
SuSE Security Announcement: openSUSE-SU-2015:1586 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:1873 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1292
Common Vulnerability Exposure (CVE) ID: CVE-2015-1293
Common Vulnerability Exposure (CVE) ID: CVE-2015-1294
Common Vulnerability Exposure (CVE) ID: CVE-2015-1295
Common Vulnerability Exposure (CVE) ID: CVE-2015-1296
Common Vulnerability Exposure (CVE) ID: CVE-2015-1297
Common Vulnerability Exposure (CVE) ID: CVE-2015-1298
Common Vulnerability Exposure (CVE) ID: CVE-2015-1299
Common Vulnerability Exposure (CVE) ID: CVE-2015-1300
https://github.com/w3c/resource-timing/issues/29
Common Vulnerability Exposure (CVE) ID: CVE-2015-1301

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.703351
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3351-1)
Summary:	The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3351-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3351-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-2015-1295 A use-after-free issue was discovered in the printing component. CVE-2015-1296 zcorpan discovered a character spoofing issue. CVE-2015-1297 Alexander Kashev discovered a permission scoping error. CVE-2015-1298 Rob Wu discovered an error validating the URL of extensions. CVE-2015-1299 taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library. CVE-2015-1300 cgvwzq discovered an information disclosure issue in the Blink/WebKit library. CVE-2015-1301 The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29. For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~ deb8u1. For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes. For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1. We recommend that you upgrade your chromium-browser packages. Affected Software/OS: 'chromium-browser' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1291 Debian Security Information: DSA-3351 (Google Search) http://www.debian.org/security/2015/dsa-3351 https://security.gentoo.org/glsa/201603-09 RedHat Security Advisories: RHSA-2015:1712 http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.securitytracker.com/id/1033472 SuSE Security Announcement: openSUSE-SU-2015:1586 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2015:1873 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2015-1292 Common Vulnerability Exposure (CVE) ID: CVE-2015-1293 Common Vulnerability Exposure (CVE) ID: CVE-2015-1294 Common Vulnerability Exposure (CVE) ID: CVE-2015-1295 Common Vulnerability Exposure (CVE) ID: CVE-2015-1296 Common Vulnerability Exposure (CVE) ID: CVE-2015-1297 Common Vulnerability Exposure (CVE) ID: CVE-2015-1298 Common Vulnerability Exposure (CVE) ID: CVE-2015-1299 Common Vulnerability Exposure (CVE) ID: CVE-2015-1300 https://github.com/w3c/resource-timing/issues/29 Common Vulnerability Exposure (CVE) ID: CVE-2015-1301
Copyright	Copyright (C) 2015 Greenbone AG