Linux Security

    Debian: DSA-4289-1: chromium-browser security update

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4289-1
    https://www.debian.org/security/                          Michael Gilbert
    September 07, 2018                    https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068
                     CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073
                     CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077
                     CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081
                     CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-16065
    
        Brendon Tiszka discovered an out-of-bounds write issue in the v8
        JavaScript library.
    
    CVE-2018-16066
    
        cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.
    
    CVE-2018-16067
    
        Zhe Jin discovered an out-of-bounds read issue in the WebAudio
        implementation.
    
    CVE-2018-16068
    
        Mark Brand discovered an out-of-bounds write issue in the Mojo
        message passing library.
    
    CVE-2018-16069
    
        Mark Brand discovered an out-of-bounds read issue in the swiftshader
        library.
    
    CVE-2018-16070
    
        Ivan Fratric discovered an integer overflow issue in the skia library.
    
    CVE-2018-16071
    
        Natalie Silvanovich discovered a use-after-free issue in the WebRTC
        implementation.
    
    CVE-2018-16073
    
        Jun Kokatsu discovered an error in the Site Isolation feature when
        restoring browser tabs.
    
    CVE-2018-16074
    
        Jun Kokatsu discovered an error in the Site Isolation feature when
        using a Blob URL.
    
    CVE-2018-16075
    
        Pepe Vila discovered an error that could allow remote sites to access
        local files.
    
    CVE-2018-16076
    
        Aleksandar Nikolic discovered an out-of-bounds read issue in the pdfium
        library.
    
    CVE-2018-16077
    
        Manuel Caballero discovered a way to bypass the Content Security Policy.
    
    CVE-2018-16078
    
        Cailan Sacks discovered that the Autofill feature could leak saved
        credit card information.
    
    CVE-2018-16079
    
        Markus Vervier and Michele Orrù discovered a URL spoofing issue.
    
    CVE-2018-16080
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-16081
    
        Jann Horn discovered that local files could be accessed in the developer
        tools.
    
    CVE-2018-16082
    
        Omair discovered a buffer overflow issue in the swiftshader library.
    
    CVE-2018-16083
    
        Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC
        implementation.
    
    CVE-2018-16084
    
        Jun Kokatsu discovered a way to bypass a user confirmation dialog.
    
    CVE-2018-16085
    
        Roman Kuksin discovered a use-after-free issue.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 69.0.3497.81-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
    
