Debian: DSA-4352-1: chromium-browser security update

    Date07 Dec 2018
    CategoryDebian
    7628
    Posted ByAnthony Pell
    Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-17480
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4352-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                          Michael Gilbert
    December 07, 2018                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
                     CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
                     CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
                     CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
                     CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
                     CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
                     CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-17480
    
        Guang Gong discovered an out-of-bounds write issue in the v8 javascript
        library.
    
    CVE-2018-17481
    
        Several use-after-free issues were discovered in the pdfium library.
    
    CVE-2018-18335
    
        A buffer overflow issue was discovered in the skia library.
    
    CVE-2018-18336
    
        Huyna discovered a use-after-free issue in the pdfium library.
    
    CVE-2018-18337
    
        cloudfuzzer discovered a use-after-free issue in blink/webkit.
    
    CVE-2018-18338
    
        Zhe Jin discovered a buffer overflow issue in the canvas renderer.
    
    CVE-2018-18339
    
        cloudfuzzer discovered a use-after-free issue in the WebAudio
        implementation.
    
    CVE-2018-18340
    
        A use-after-free issue was discovered in the MediaRecorder implementation.
    
    CVE-2018-18341
    
        cloudfuzzer discovered a buffer overflow issue in blink/webkit.
    
    CVE-2018-18342
    
        Guang Gong discovered an out-of-bounds write issue in the v8 javascript
        library.
    
    CVE-2018-18343
    
        Tran Tien Hung discovered a use-after-free issue in the skia library.
    
    CVE-2018-18344
    
        Jann Horn discovered an error in the Extensions implementation.
    
    CVE-2018-18345
    
        Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
        feature.
    
    CVE-2018-18346
    
        Luan Herrera discovered an error in the user interface.
    
    CVE-2018-18347
    
        Luan Herrera discovered an error in the Navigation implementation.
    
    CVE-2018-18348
    
        Ahmed Elsobky discovered an error in the omnibox implementation.
    
    CVE-2018-18349
    
        David Erceg discovered a policy enforcement error.
    
    CVE-2018-18350
    
        Jun Kokatsu discovered a policy enforcement error.
    
    CVE-2018-18351
    
        Jun Kokatsu discovered a policy enforcement error.
    
    CVE-2018-18352
    
        Jun Kokatsu discovered an error in Media handling.
    
    CVE-2018-18353
    
        Wenxu Wu discovered an error in the network authentication implementation.
    
    CVE-2018-18354
    
        Wenxu Wu discovered an error related to integration with GNOME Shell.
    
    CVE-2018-18355
    
        evil1m0 discovered a policy enforcement error.
    
    CVE-2018-18356
    
        Tran Tien Hung discovered a use-after-free issue in the skia library.
    
    CVE-2018-18357
    
        evil1m0 discovered a policy enforcement error.
    
    CVE-2018-18358
    
        Jann Horn discovered a policy enforcement error.
    
    CVE-2018-18359
    
        cyrilliu discovered an out-of-bounds read issue in the v8 javascript
        library.
    
    Several additional security relevant issues are also fixed in this update
    that have not yet received CVE identifiers.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 71.0.3578.80-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.