1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4289-1] chromium-browser security update (1/2)

    From Michael Gilbert@1:229/2 to All on Sat Sep 8 05:20:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4289-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 07, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068
    CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073
    CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077
    CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081
    CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2018-16065

    Brendon Tiszka discovered an out-of-bounds write issue in the v8
    javascript library.

    CVE-2018-16066

    cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.

    CVE-2018-16067

    Zhe Jin discovered an out-of-bounds read issue in the WebAudio
    implementation.

    CVE-2018-16068

    Mark Brand discovered an out-of-bounds write issue in the Mojo
    message passing library.

    CVE-2018-16069

    Mark Brand discovered an out-of-bounds read issue in the swiftshader
    library.

    CVE-2018-16070

    Ivan Fratric discovered an integer overflow issue in the skia library.

    CVE-2018-16071

    Natalie Silvanovich discovered a use-after-free issue in the WebRTC
    implementation.

    CVE-2018-16073

    Jun Kokatsu discovered an error in the Site Isolation feature when
    restoring browser tabs.

    CVE-2018-16074

    Jun Kokatsu discovered an error in the Site Isolation feature when
    using a Blob URL.

    CVE-2018-16075

    Pepe Vila discovered an error that could allow remote sites to access
    local files.

    CVE-2018-16076

    Aseksandar Nikolic discovered an out-of-bounds read issue in the pdfium
    library.

    CVE-2018-16077

    Manuel Caballero discovered a way to bypass the Content Security Policy.

    CVE-2018-16078

    Cailan Sacks discovered that the Autofill feature could leak saved
    credit card information.

    CVE-2018-16079

    Markus Vervier and Michele OrrĂ¹ discovered a URL spoofing issue.

    CVE-2018-16080

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-16081

    Jann Horn discovered that local files could be accessed in the developer
    tools.

    CVE-2018-16082

    Omair discovered a buffer overflow issue in the swiftshader library.

    CVE-2018-16083

    Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC
    implementation.

    CVE-2018-16084

    Jun Kokatsu discovered a way to bypass a user confirmation dialog.

    CVE-2018-16085

    Roman Kuksin discovered a use-after-free issue.

    For the stable distribution (stretch), these problems have been fixed in version 69.0.3497.81-1~deb9u1.

    We recommend that you upgrade your chromium-browser packages.

    For the detailed security status of chromium-browser please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAluTPsYACgkQuNayzQLW 9HOH9SAAhUYy8owwFEnMz5CUmqFiZTeac4bTtSm7EnDKtlyITWn0+PW054FXzRN4 +rXkjyN086qknXE74J7ByTPsFREXHT/NZPjen+gDVW381H/hl7S6rYgtxtjX8NXf q865bn3mWda7Y2+Z3MHpcWzeJHOtaIvWDvA4FJl+Au+SwaIhn/SdQUGBetgdgDEa tDBgqq3SdIGE75A00ugJiGDYKgBV4gqqOfQAKuXYMSUjDxhhiXLA65MEMTRYHBYx +HXZTjFJCWBCGUS11bYkYVXwaU/sjmUmsaQHyG3LcLCe+a2sA54TZqLVs6nRD335 G5vOwM1g2Gg5ueVDMRaZh8caHBJIUYy3ir7yWH+Xke4jMSsb0elDPg1dZbmEgfPC gdCtiEbOwjkoa/FNLQNU8i7Tpa9daG90/hZcOT9vmKqbV+OOX21bNvpp40yQiWib vqv518VaWz3cQlRprTdKuxh2/l9ljw0r7mwWKyNocyUpRlPFLLYyQZ38ayuImx2E Itki39z2jFLJqbx/a3hS0zxgdVY3tLuH0++EZOZpW5kkOU4zcLv1dfBkTcfewH3b b3tGELiC5Odbfl7+Lr18znZI+h4hiIr7/8jbhbwS+A/vfEk2RdTxS6wAyXl4Hmnl Nr8Fd1cXGDPArZWz121rXVsmMe+X+1il4Wv8gRXrCqGKHIuZqUxKwHMI6AQRhyZs jh2rANUTG4ymEIYlEmP47p48FKTdAQfjusN/r/TQw/yekbJxs5MB8yfkj5TF1pE9 wTaJEMNniafSdKJlUPjbRcYapMSVrv/78gA6U76hbgDD8mDIZTBBtTNorvlUBBO+ rdB+iXC7HDUJbH2bRKD5qMrJg7euehMPMyGS/Hgfoi3Afzl65jYzRo63UwHd7JtX iAmSh71Og4r3joIAiI+nU640HtaIFZVNIDWyv+DZ/pj5KvQYSfNzdJA6wJJ3kBhO fHA5+mMMq8JNHigaEdBBL2yJ9f5YPgMF6rYrcGIm/OOtoVrKrD14d2VOGLYpZOQl n37iVgLPaYPjoY1uqbJlDbkXRFiH18qdyyaCwpfug9byb7sDEHMdDJzdufwqCblS

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)