Debian: DSA-4237-1: chromium-browser security update

    Date: 30 Jun 2018
    Category: Debian
    Posted By: Anthony Pell
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4237-1
    https://www.debian.org/security/                          Michael Gilbert
    June 30, 2018                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122
                     CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126
                     CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131
                     CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135
                     CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139
                     CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143
                     CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148
                     CVE-2018-6149
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-6118
    
        Ned Williamson discovered a use-after-free issue.
    
    CVE-2018-6120
    
        Zhou Aiting discovered a buffer overflow issue in the pdfium library.
    
    CVE-2018-6121
    
        It was discovered that malicious extensions could escalate privileges.
    
    CVE-2018-6122
    
        A type confusion issue was discovered in the v8 javascript library.
    
    CVE-2018-6123
    
        Looben Yang discovered a use-after-free issue.
    
    CVE-2018-6124
    
        Guang Gong discovered a type confusion issue.
    
    CVE-2018-6125
    
        Yubico discovered that the WebUSB implementation was too permissive.
    
    CVE-2018-6126
    
        Ivan Fratric discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6127
    
        Looben Yang discovered a use-after-free issue.
    
    CVE-2018-6129
    
        Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
    
    CVE-2018-6130
    
        Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
    
    CVE-2018-6131
    
        Natalie Silvanovich discovered an error in WebAssembly.
    
    CVE-2018-6132
    
        Ronald E. Crane discovered an uninitialized memory issue.
    
    CVE-2018-6133
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6134
    
        Jun Kokatsu discovered a way to bypass the Referrer Policy.
    
    CVE-2018-6135
    
        Jasper Rebane discovered a user interface spoofing issue.
    
    CVE-2018-6136
    
        Peter Wong discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    CVE-2018-6137
    
        Michael Smith discovered an information leak.
    
    CVE-2018-6138
    
        François Lajeunesse-Robert discovered that the extensions policy was
        too permissive.
    
    CVE-2018-6139
    
        Rob Wu discovered a way to bypass restrictions in the debugger extension.
    
    CVE-2018-6140
    
        Rob Wu discovered a way to bypass restrictions in the debugger extension.
    
    CVE-2018-6141
    
        Yangkang discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6142
    
        Choongwoo Han discovered an out-of-bounds read in the v8 javascript
        library.
    
    CVE-2018-6143
    
        Guang Gong discovered an out-of-bounds read in the v8 javascript library.
    
    CVE-2018-6144
    
        pdknsk discovered an out-of-bounds read in the pdfium library.
    
    CVE-2018-6145
    
        Masato Kinugawa discovered an error in the MathML implementation.
    
    CVE-2018-6147
    
        Michail Pishchagin discovered an error in password entry fields.
    
    CVE-2018-6148
    
        Michał Bentkowski discovered that the Content Security Policy header
        was handled incorrectly.
    
    CVE-2018-6149
    
        Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the
        v8 javascript library.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 67.0.3396.87-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
    