Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4330-1] chromium-browser security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4330-1] chromium-browser security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Michael Gilbert <mgilbert AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4330-1] chromium-browser security update
  • Date: Fri, 2 Nov 2018 07:47:45 -0400
  • List-archive: https://lists.debian.org/msgid-search/CANTw=MNeX5E=EaSc6=KZGHVT94NyDzg0WXG-cSg9eV0Drd9Hyg AT mail.gmail.com
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <michael.s.gilbert AT gmail.com>
  • Priority: urgent
  • Resent-date: Fri, 2 Nov 2018 11:43:57 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <FoBS9AwQdRI.A.-vC.8hD3bB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4330-1 security AT debian.org
https://www.debian.org/security/ Michael Gilbert
November 02, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-5179

Yannic Boneberger discovered an error in the ServiceWorker implementation.

CVE-2018-17462

Ned Williamson and Niklas Baumstark discovered a way to escape the
sandbox.

CVE-2018-17463

Ned Williamson and Niklas Baumstark discovered a remote code execution
issue in the v8 javascript library.

CVE-2018-17464

xisigr discovered a URL spoofing issue.

CVE-2018-17465

Lin Zuojian discovered a use-after-free issue in the v8 javascript
library.

CVE-2018-17466

Omair discovered a memory corruption issue in the angle library.

CVE-2018-17467

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17468

Jams Lee discovered an information disclosure issue.

CVE-2018-17469

Zhen Zhou discovered a buffer overflow issue in the pdfium library.

CVE-2018-17470

Zhe Jin discovered a memory corruption issue in the GPU backend
implementation.

CVE-2018-17471

Lnyas Zhang discovered an issue with the full screen user interface.

CVE-2018-17473

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17474

Zhe Jin discovered a use-after-free issue.

CVE-2018-17475

Vladimir Metnew discovered a URL spoofing issue.

CVE-2018-17476

Khalil Zhani discovered an issue with the full screen user interface.

CVE-2018-17477

Aaron Muir Hamilton discovered a user interface spoofing issue in the
extensions pane.

This update also fixes a buffer overflow in the embedded lcms library included
with chromium.

For the stable distribution (stretch), these problems have been fixed in
version 70.0.3538.67-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvcOIQACgkQuNayzQLW
9HP+1iAAsLTGaiN2DOVoaZcy7J81dIbvflucvy8wdch0sFPiqlP0V3PLr04yBKBG
vEZcbGSsdUzCX5oT/eF4SG4qDyY7lSVKCKA8kTvu4UmwnJD8XwouOaKMtsgdcrSc
GcChQ9zSBSlRBm6Aq0UvirkfCDz2W/zEAjUQZFqBCsNAC+2886SDO+kXwxXKv9ol
9P5tfKh+9+t10FMpj0qlBLwb6bdGqjum4iStxyIZEvX9tQ+6H/P6xhog4EoturMH
lerPgiWtItpnFxZX7bCCaFDNaMdByXWCw829k2Rc0+kX6KzUVLbgQaeNlmED2Pn3
EI8c+ABVsE7lJ0w6DTf9KLMYYkPD4NiREWmipptF1gdKDoTKmksAGMDae+Q600wT
8Yy0AAS4S33qliqFuveUMvCqvMR0DAnw8mn8Li1s2OcI2YRKeqEGvXwltqj2RIfz
pvzxVlDHx7Go/FIWO4j3o6MhsjVMUQNDXuFl8xkDzgRiICuFEibyKdXNgCEYyUwc
Nk/iXzRLxQyWjy1p9fWrtk2EpL97kuOIBtLf1SH9VC4O/uJyZ/H8L/hGA6esx99z
8AGpwy/zTVimff3dj1/+BtIFHhdWY3zhydlAchVkvZrpGMBRNHz1H1RWy/wx6IIy
JGb3LP1U/narlqf0vYKUQW2oDVFybXM5Exqwm4c6ipBYxWkuOYd4bXqx/ojMAgHC
ar135UrX2zdLIUyFVpICbFFUxQUil92VYdwPuJWXXAJdzzOMuz42UoM2xSqv0oRj
DRAU7/QFpz0Ilrf3C0+ktirWvo9GSNm5Kq5xNgC9Khp9uppu6cXHDCZxCCOQz6xX
yOYrYjzGeYB8EYrlVPVT1YmKHJ1/FqCjoJ3IkkCsIo8MnCR9olO0AK1smo21Dvim
+OcdJax6xWn4aIKbZDqL1GUYRotMoVfsnEbrsqBrsrLiWqlsmvVALN12083NK+zB
2OhYdU2D5oWep4Eb92+RI1ykk1wDaW9bpbdIOcK48HFAejk2PmZX2hhIgbrek0uP
/Lu5FZn7NehFIjAxYIQ2qAk9vNdXmk6u3MrAFC96VoBFaIvg09MXuA/K0nIOnryW
17n0WxUjk8/pFfgRMJFW7oobEvw0NFvHFNEteP+b1T1ucJj/2CEAtMGE73UbHnv/
03ez0boUiejkJmShpsPoWt02j/w4pfZ2vEDGlzBj0h3Bof8CmLJ422r0tfB5Vrp+
GuCxK7mQQItwatAMxyfXjBx+KxBROwb5mcQ0E9AwAonvsfgzrAgcoXAofV1oMiRy
UvxdDnkJ69wblQ+ahyFjjdhR8+L1VNHHuQkgxfXCdXRxLdCzt4GHk5EFHh/5zGdX
Ay238uDIBhE1NLHpUSX2D6/cMGFggA==
=AINb
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4330-1] chromium-browser security update, Michael Gilbert, 02.11.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang