[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CANTw=MNeX5E=EaSc6=KZGHVT94NyDzg0WXG-cSg9eV0Drd9Hyg@mail.gmail.com>
Date: Fri, 2 Nov 2018 07:47:45 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4330-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4330-1 security@...ian.org
https://www.debian.org/security/ Michael Gilbert
November 02, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2018-5179
Yannic Boneberger discovered an error in the ServiceWorker implementation.
CVE-2018-17462
Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.
CVE-2018-17463
Ned Williamson and Niklas Baumstark discovered a remote code execution
issue in the v8 javascript library.
CVE-2018-17464
xisigr discovered a URL spoofing issue.
CVE-2018-17465
Lin Zuojian discovered a use-after-free issue in the v8 javascript
library.
CVE-2018-17466
Omair discovered a memory corruption issue in the angle library.
CVE-2018-17467
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-17468
Jams Lee discovered an information disclosure issue.
CVE-2018-17469
Zhen Zhou discovered a buffer overflow issue in the pdfium library.
CVE-2018-17470
Zhe Jin discovered a memory corruption issue in the GPU backend
implementation.
CVE-2018-17471
Lnyas Zhang discovered an issue with the full screen user interface.
CVE-2018-17473
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-17474
Zhe Jin discovered a use-after-free issue.
CVE-2018-17475
Vladimir Metnew discovered a URL spoofing issue.
CVE-2018-17476
Khalil Zhani discovered an issue with the full screen user interface.
CVE-2018-17477
Aaron Muir Hamilton discovered a user interface spoofing issue in the
extensions pane.
This update also fixes a buffer overflow in the embedded lcms library included
with chromium.
For the stable distribution (stretch), these problems have been fixed in
version 70.0.3538.67-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvcOIQACgkQuNayzQLW
9HP+1iAAsLTGaiN2DOVoaZcy7J81dIbvflucvy8wdch0sFPiqlP0V3PLr04yBKBG
vEZcbGSsdUzCX5oT/eF4SG4qDyY7lSVKCKA8kTvu4UmwnJD8XwouOaKMtsgdcrSc
GcChQ9zSBSlRBm6Aq0UvirkfCDz2W/zEAjUQZFqBCsNAC+2886SDO+kXwxXKv9ol
9P5tfKh+9+t10FMpj0qlBLwb6bdGqjum4iStxyIZEvX9tQ+6H/P6xhog4EoturMH
lerPgiWtItpnFxZX7bCCaFDNaMdByXWCw829k2Rc0+kX6KzUVLbgQaeNlmED2Pn3
EI8c+ABVsE7lJ0w6DTf9KLMYYkPD4NiREWmipptF1gdKDoTKmksAGMDae+Q600wT
8Yy0AAS4S33qliqFuveUMvCqvMR0DAnw8mn8Li1s2OcI2YRKeqEGvXwltqj2RIfz
pvzxVlDHx7Go/FIWO4j3o6MhsjVMUQNDXuFl8xkDzgRiICuFEibyKdXNgCEYyUwc
Nk/iXzRLxQyWjy1p9fWrtk2EpL97kuOIBtLf1SH9VC4O/uJyZ/H8L/hGA6esx99z
8AGpwy/zTVimff3dj1/+BtIFHhdWY3zhydlAchVkvZrpGMBRNHz1H1RWy/wx6IIy
JGb3LP1U/narlqf0vYKUQW2oDVFybXM5Exqwm4c6ipBYxWkuOYd4bXqx/ojMAgHC
ar135UrX2zdLIUyFVpICbFFUxQUil92VYdwPuJWXXAJdzzOMuz42UoM2xSqv0oRj
DRAU7/QFpz0Ilrf3C0+ktirWvo9GSNm5Kq5xNgC9Khp9uppu6cXHDCZxCCOQz6xX
yOYrYjzGeYB8EYrlVPVT1YmKHJ1/FqCjoJ3IkkCsIo8MnCR9olO0AK1smo21Dvim
+OcdJax6xWn4aIKbZDqL1GUYRotMoVfsnEbrsqBrsrLiWqlsmvVALN12083NK+zB
2OhYdU2D5oWep4Eb92+RI1ykk1wDaW9bpbdIOcK48HFAejk2PmZX2hhIgbrek0uP
/Lu5FZn7NehFIjAxYIQ2qAk9vNdXmk6u3MrAFC96VoBFaIvg09MXuA/K0nIOnryW
17n0WxUjk8/pFfgRMJFW7oobEvw0NFvHFNEteP+b1T1ucJj/2CEAtMGE73UbHnv/
03ez0boUiejkJmShpsPoWt02j/w4pfZ2vEDGlzBj0h3Bof8CmLJ422r0tfB5Vrp+
GuCxK7mQQItwatAMxyfXjBx+KxBROwb5mcQ0E9AwAonvsfgzrAgcoXAofV1oMiRy
UvxdDnkJ69wblQ+ahyFjjdhR8+L1VNHHuQkgxfXCdXRxLdCzt4GHk5EFHh/5zGdX
Ay238uDIBhE1NLHpUSX2D6/cMGFggA==
=AINb
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists