lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CANTw=MNeX5E=EaSc6=KZGHVT94NyDzg0WXG-cSg9eV0Drd9Hyg@mail.gmail.com>
Date: Fri, 2 Nov 2018 07:47:45 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4330-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4330-1                   security@...ian.org
https://www.debian.org/security/                          Michael Gilbert
November 02, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
                 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
                 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
                 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-5179

    Yannic Boneberger discovered an error in the ServiceWorker implementation.

CVE-2018-17462

    Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.

CVE-2018-17463

    Ned Williamson and Niklas Baumstark discovered a remote code execution
    issue in the v8 javascript library.

CVE-2018-17464

    xisigr discovered a URL spoofing issue.

CVE-2018-17465

    Lin Zuojian discovered a use-after-free issue in the v8 javascript
    library.

CVE-2018-17466

    Omair discovered a memory corruption issue in the angle library.

CVE-2018-17467

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17468

    Jams Lee discovered an information disclosure issue.

CVE-2018-17469

    Zhen Zhou discovered a buffer overflow issue in the pdfium library.

CVE-2018-17470

    Zhe Jin discovered a memory corruption issue in the GPU backend
    implementation.

CVE-2018-17471

    Lnyas Zhang discovered an issue with the full screen user interface.

CVE-2018-17473

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-17474

    Zhe Jin discovered a use-after-free issue.

CVE-2018-17475

    Vladimir Metnew discovered a URL spoofing issue.

CVE-2018-17476

    Khalil Zhani discovered an issue with the full screen user interface.

CVE-2018-17477

    Aaron Muir Hamilton discovered a user interface spoofing issue in the
    extensions pane.

This update also fixes a buffer overflow in the embedded lcms library included
with chromium.

For the stable distribution (stretch), these problems have been fixed in
version 70.0.3538.67-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvcOIQACgkQuNayzQLW
9HP+1iAAsLTGaiN2DOVoaZcy7J81dIbvflucvy8wdch0sFPiqlP0V3PLr04yBKBG
vEZcbGSsdUzCX5oT/eF4SG4qDyY7lSVKCKA8kTvu4UmwnJD8XwouOaKMtsgdcrSc
GcChQ9zSBSlRBm6Aq0UvirkfCDz2W/zEAjUQZFqBCsNAC+2886SDO+kXwxXKv9ol
9P5tfKh+9+t10FMpj0qlBLwb6bdGqjum4iStxyIZEvX9tQ+6H/P6xhog4EoturMH
lerPgiWtItpnFxZX7bCCaFDNaMdByXWCw829k2Rc0+kX6KzUVLbgQaeNlmED2Pn3
EI8c+ABVsE7lJ0w6DTf9KLMYYkPD4NiREWmipptF1gdKDoTKmksAGMDae+Q600wT
8Yy0AAS4S33qliqFuveUMvCqvMR0DAnw8mn8Li1s2OcI2YRKeqEGvXwltqj2RIfz
pvzxVlDHx7Go/FIWO4j3o6MhsjVMUQNDXuFl8xkDzgRiICuFEibyKdXNgCEYyUwc
Nk/iXzRLxQyWjy1p9fWrtk2EpL97kuOIBtLf1SH9VC4O/uJyZ/H8L/hGA6esx99z
8AGpwy/zTVimff3dj1/+BtIFHhdWY3zhydlAchVkvZrpGMBRNHz1H1RWy/wx6IIy
JGb3LP1U/narlqf0vYKUQW2oDVFybXM5Exqwm4c6ipBYxWkuOYd4bXqx/ojMAgHC
ar135UrX2zdLIUyFVpICbFFUxQUil92VYdwPuJWXXAJdzzOMuz42UoM2xSqv0oRj
DRAU7/QFpz0Ilrf3C0+ktirWvo9GSNm5Kq5xNgC9Khp9uppu6cXHDCZxCCOQz6xX
yOYrYjzGeYB8EYrlVPVT1YmKHJ1/FqCjoJ3IkkCsIo8MnCR9olO0AK1smo21Dvim
+OcdJax6xWn4aIKbZDqL1GUYRotMoVfsnEbrsqBrsrLiWqlsmvVALN12083NK+zB
2OhYdU2D5oWep4Eb92+RI1ykk1wDaW9bpbdIOcK48HFAejk2PmZX2hhIgbrek0uP
/Lu5FZn7NehFIjAxYIQ2qAk9vNdXmk6u3MrAFC96VoBFaIvg09MXuA/K0nIOnryW
17n0WxUjk8/pFfgRMJFW7oobEvw0NFvHFNEteP+b1T1ucJj/2CEAtMGE73UbHnv/
03ez0boUiejkJmShpsPoWt02j/w4pfZ2vEDGlzBj0h3Bof8CmLJ422r0tfB5Vrp+
GuCxK7mQQItwatAMxyfXjBx+KxBROwb5mcQ0E9AwAonvsfgzrAgcoXAofV1oMiRy
UvxdDnkJ69wblQ+ahyFjjdhR8+L1VNHHuQkgxfXCdXRxLdCzt4GHk5EFHh/5zGdX
Ay238uDIBhE1NLHpUSX2D6/cMGFggA==
=AINb
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ