1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4330-1] chromium-browser security update

    From Michael Gilbert@1:229/2 to All on Fri Nov 2 12:50:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : chromium-browser
    CVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
    CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
    CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
    CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477

    Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2018-5179

    Yannic Boneberger discovered an error in the ServiceWorker implementation.

    CVE-2018-17462

    Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.

    CVE-2018-17463

    Ned Williamson and Niklas Baumstark discovered a remote code execution
    issue in the v8 javascript library.

    CVE-2018-17464

    xisigr discovered a URL spoofing issue.

    CVE-2018-17465

    Lin Zuojian discovered a use-after-free issue in the v8 javascript
    library.

    CVE-2018-17466

    Omair discovered a memory corruption issue in the angle library.

    CVE-2018-17467

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-17468

    Jams Lee discovered an information disclosure issue.

    CVE-2018-17469

    Zhen Zhou discovered a buffer overflow issue in the pdfium library.

    CVE-2018-17470

    Zhe Jin discovered a memory corruption issue in the GPU backend
    implementation.

    CVE-2018-17471

    Lnyas Zhang discovered an issue with the full screen user interface.

    CVE-2018-17473

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-17474

    Zhe Jin discovered a use-after-free issue.

    CVE-2018-17475

    Vladimir Metnew discovered a URL spoofing issue.

    CVE-2018-17476

    Khalil Zhani discovered an issue with the full screen user interface.

    CVE-2018-17477

    Aaron Muir Hamilton discovered a user interface spoofing issue in the
    extensions pane.

    This update also fixes a buffer overflow in the embedded lcms library included with chromium.

    For the stable distribution (stretch), these problems have been fixed in version 70.0.3538.67-1~deb9u1.

    We recommend that you upgrade your chromium-browser packages.

    For the detailed security status of chromium-browser please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvcOIQACgkQuNayzQLW 9HP+1iAAsLTGaiN2DOVoaZcy7J81dIbvflucvy8wdch0sFPiqlP0V3PLr04yBKBG vEZcbGSsdUzCX5oT/eF4SG4qDyY7lSVKCKA8kTvu4UmwnJD8XwouOaKMtsgdcrSc GcChQ9zSBSlRBm6Aq0UvirkfCDz2W/zEAjUQZFqBCsNAC+2886SDO+kXwxXKv9ol 9P5tfKh+9+t10FMpj0qlBLwb6bdGqjum4iStxyIZEvX9tQ+6H/P6xhog4EoturMH lerPgiWtItpnFxZX7bCCaFDNaMdByXWCw829k2Rc0+kX6KzUVLbgQaeNlmED2Pn3 EI8c+ABVsE7lJ0w6DTf9KLMYYkPD4NiREWmipptF1gdKDoTKmksAGMDae+Q600wT 8Yy0AAS4S33qliqFuveUMvCqvMR0DAnw8mn8Li1s2OcI2YRKeqEGvXwltqj2RIfz pvzxVlDHx7Go/FIWO4j3o6MhsjVMUQNDXuFl8xkDzgRiICuFEibyKdXNgCEYyUwc Nk/iXzRLxQyWjy1p9fWrtk2EpL97kuOIBtLf1SH9VC4O/uJyZ/H8L/hGA6esx99z 8AGpwy/zTVimff3dj1/+BtIFHhdWY3zhydlAchVkvZrpGMBRNHz1H1RWy/wx6IIy JGb3LP1U/narlqf0vYKUQW2oDVFybXM5Exqwm4c6ipBYxWkuOYd4bXqx/ojMAgHC ar135UrX2zdLIUyFVpICbFFUxQUil92VYdwPuJWXXAJdzzOMuz42UoM2xSqv0oRj DRAU7/QFpz0Ilrf3C0+ktirWvo9GSNm5Kq5xNgC9Khp9uppu6cXHDCZxCCOQz6xX yOYrYjzGeYB8EYrlVPVT1YmKHJ1/FqCjoJ3IkkCsIo8MnCR9olO0AK1smo21Dvim +OcdJax6xWn4aIKbZDqL1GUYRotMoVfsnEbrsqBrsrLiWqlsmvVALN12083NK+zB 2OhYdU2D5oWep4Eb92+RI1ykk1wDaW9bpbdIOcK48HFAejk2PmZX2hhIgbrek0uP /Lu5FZn7NehFIjAxYIQ2qAk9vNdXmk6u3MrAFC96VoBFaIvg09MXuA/K0nIOnryW 17n0WxUjk8/pFfgRMJFW7oobEvw0NFvHFNEteP+b1T1ucJj/2CEAtMGE73UbHnv/ 03ez0boUiejkJmShpsPoWt02j/w4pfZ2vEDGlzBj0h3Bof8CmLJ422r0tfB5Vrp+ GuCxK7mQQItwatAMxyfXjBx+KxBROwb5mcQ0E9AwAonvsfgzrAgcoXAofV1oMiRy UvxdDnkJ69wblQ+ahyFjjdhR8+L1VNHHuQkgxfXCdXRxLdCzt4GHk5EFHh/5zGdX Ay238uDIBhE1NLHpUSX2D6/cMGFggA==
    =AINb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)