Debian: DSA-4237-1: chromium-browser security update

    Date 30 Jun 2018
    Posted By Anthony Pell
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4237-1
    https://www.debian.org/security/                          Michael Gilbert
    June 30, 2018                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122
                     CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126
                     CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131
                     CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135
                     CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139
                     CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143
                     CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148
                     CVE-2018-6149
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-6118
    
        Ned Williamson discovered a use-after-free issue.
    
    CVE-2018-6120
    
        Zhou Aiting discovered a buffer overflow issue in the pdfium library.
    
    CVE-2018-6121
    
        It was discovered that malicious extensions could escalate privileges.
    
    CVE-2018-6122
    
        A type confusion issue was discovered in the v8 javascript library.
    
    CVE-2018-6123
    
        Looben Yang discovered a use-after-free issue.
    
    CVE-2018-6124
    
        Guang Gong discovered a type confusion issue.
    
    CVE-2018-6125
    
        Yubico discovered that the WebUSB implementation was too permissive.
    
    CVE-2018-6126
    
        Ivan Fratric discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6127
    
        Looben Yang discovered a use-after-free issue.
    
    CVE-2018-6129
    
        Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
    
    CVE-2018-6130
    
        Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
    
    CVE-2018-6131
    
        Natalie Silvanovich discovered an error in WebAssembly.
    
    CVE-2018-6132
    
        Ronald E. Crane discovered an uninitialized memory issue.
    
    CVE-2018-6133
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6134
    
        Jun Kokatsu discovered a way to bypass the Referrer Policy.
    
    CVE-2018-6135
    
        Jasper Rebane discovered a user interface spoofing issue.
    
    CVE-2018-6136
    
        Peter Wong discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    CVE-2018-6137
    
        Michael Smith discovered an information leak.
    
    CVE-2018-6138
    
        François Lajeunesse-Robert discovered that the extensions policy was
        too permissive.
    
    CVE-2018-6139
    
        Rob Wu discovered a way to bypass restrictions in the debugger extension.
    
    CVE-2018-6140
    
        Rob Wu discovered a way to bypass restrictions in the debugger extension.
    
    CVE-2018-6141
    
        Yangkang discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6142
    
        Choongwoo Han discovered an out-of-bounds read in the v8 javascript
        library.
    
    CVE-2018-6143
    
        Guang Gong discovered an out-of-bounds read in the v8 javascript library.
    
    CVE-2018-6144
    
        pdknsk discovered an out-of-bounds read in the pdfium library.
    
    CVE-2018-6145
    
        Masato Kinugawa discovered an error in the MathML implementation.
    
    CVE-2018-6147
    
        Michail Pishchagin discovered an error in password entry fields.
    
    CVE-2018-6148
    
        Michał Bentkowski discovered that the Content Security Policy header
        was handled incorrectly.
    
    CVE-2018-6149
    
        Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the
        v8 javascript library.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 67.0.3396.87-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
