Debian: DSA-4289-1: chromium-browser security update

    Date: 07 Sep 2018
    Category: Debian
    Posted By: Anthony Pell
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-4289-1
    https://www.debian.org/security/                          Michael Gilbert
    September 07, 2018                    https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068
                     CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073
                     CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077
                     CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081
                     CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-16065
    
        Brendon Tiszka discovered an out-of-bounds write issue in the v8
        JavaScript library.
    
    CVE-2018-16066
    
        cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.
    
    CVE-2018-16067
    
        Zhe Jin discovered an out-of-bounds read issue in the WebAudio
        implementation.
    
    CVE-2018-16068
    
        Mark Brand discovered an out-of-bounds write issue in the Mojo
        message passing library.
    
    CVE-2018-16069
    
        Mark Brand discovered an out-of-bounds read issue in the swiftshader
        library.
    
    CVE-2018-16070
    
        Ivan Fratric discovered an integer overflow issue in the skia library.
    
    CVE-2018-16071
    
        Natalie Silvanovich discovered a use-after-free issue in the WebRTC
        implementation.
    
    CVE-2018-16073
    
        Jun Kokatsu discovered an error in the Site Isolation feature when
        restoring browser tabs.
    
    CVE-2018-16074
    
        Jun Kokatsu discovered an error in the Site Isolation feature when
        using a Blob URL.
    
    CVE-2018-16075
    
        Pepe Vila discovered an error that could allow remote sites to access
        local files.
    
    CVE-2018-16076
    
        Aleksandar Nikolic discovered an out-of-bounds read issue in the pdfium
        library.
    
    CVE-2018-16077
    
        Manuel Caballero discovered a way to bypass the Content Security Policy.
    
    CVE-2018-16078
    
        Cailan Sacks discovered that the Autofill feature could leak saved
        credit card information.
    
    CVE-2018-16079
    
        Markus Vervier and Michele Orrù discovered a URL spoofing issue.
    
    CVE-2018-16080
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-16081
    
        Jann Horn discovered that local files could be accessed in the developer
        tools.
    
    CVE-2018-16082
    
        Omair discovered a buffer overflow issue in the swiftshader library.
    
    CVE-2018-16083
    
        Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC
        implementation.
    
    CVE-2018-16084
    
        Jun Kokatsu discovered a way to bypass a user confirmation dialog.
    
    CVE-2018-16085
    
        Roman Kuksin discovered a use-after-free issue.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 69.0.3497.81-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    