Debian: DSA-4330-1: chromium-browser security update

    Date: 02 Nov 2018
    Category: Debian
    Posted By: Anthony Pell
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4330-1
    https://www.debian.org/security/                          Michael Gilbert
    November 02, 2018                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464
                     CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
                     CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473
                     CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-5179
    
        Yannic Boneberger discovered an error in the ServiceWorker implementation.
    
    CVE-2018-17462
    
        Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.
    
    CVE-2018-17463
    
        Ned Williamson and Niklas Baumstark discovered a remote code execution
        issue in the v8 javascript library.
    
    CVE-2018-17464
    
        xisigr discovered a URL spoofing issue.
    
    CVE-2018-17465
    
        Lin Zuojian discovered a use-after-free issue in the v8 javascript
        library.
    
    CVE-2018-17466
    
        Omair discovered a memory corruption issue in the angle library.
    
    CVE-2018-17467
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-17468
    
        Jams Lee discovered an information disclosure issue.
    
    CVE-2018-17469
    
        Zhen Zhou discovered a buffer overflow issue in the pdfium library.
    
    CVE-2018-17470
    
        Zhe Jin discovered a memory corruption issue in the GPU backend
        implementation.
    
    CVE-2018-17471
    
        Lnyas Zhang discovered an issue with the full screen user interface.
    
    CVE-2018-17473
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-17474
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2018-17475
    
        Vladimir Metnew discovered a URL spoofing issue.
    
    CVE-2018-17476
    
        Khalil Zhani discovered an issue with the full screen user interface.
    
    CVE-2018-17477
    
        Aaron Muir Hamilton discovered a user interface spoofing issue in the
        extensions pane.
    
    This update also fixes a buffer overflow in the embedded lcms library included
    with chromium.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 70.0.3538.67-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
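
Added example, not part of the Debian advisory: a check of installed chromium-browser versions against the fixed version stated above, using a Python reimplementation of dpkg's version ordering (numeric components compare as numbers, and `~` sorts before end of string). The host names and every version other than the advisory's fixed version are constructed.

```python
FIXED = "70.0.3538.67-1~deb9u1"  # fixed version for stretch, from the advisory

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string (""), letters before other symbols
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _take_digits(s, k):
    end = k
    while end < len(s) and s[end].isdigit():
        end += 1
    return int(s[k:end] or 0), end

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # non-digit runs are compared character by character
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca = a[i] if i < len(a) and not a[i].isdigit() else ""
            cb = b[j] if j < len(b) and not b[j].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1
        na, i = _take_digits(a, i)  # digit runs are compared as integers
        nb, j = _take_digits(b, j)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, upstream = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = upstream.rpartition("-") if "-" in upstream else (upstream, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after version b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED):
    """Return the hosts whose installed version sorts below the fixed version."""
    return sorted(h for h, v in inventory.items() if compare_versions(v, fixed) < 0)

# Constructed sample inventory: host -> installed chromium-browser version.
SAMPLE = {"ws-01": "69.0.0.1-1~deb9u1", "ws-02": "70.0.3538.67-1~deb9u1",
          "ws-03": "70.0.3538.110-1~deb9u1", "ws-04": "70.0.3538.9-1~deb9u1"}
print(unpatched(SAMPLE))
```

On a Debian host, `dpkg --compare-versions <installed> lt 70.0.3538.67-1~deb9u1` performs the same comparison.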
    