-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4352-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
December 07, 2018                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
                 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
                 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
                 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
                 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
                 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
                 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480

    Guang Gong discovered an out-of-bounds write issue in the v8 javascript
    library.

CVE-2018-17481

    Several use-after-free issues were discovered in the pdfium library.

CVE-2018-18335

    A buffer overflow issue was discovered in the skia library.

CVE-2018-18336

    Huyna discovered a use-after-free issue in the pdfium library.

CVE-2018-18337

    cloudfuzzer discovered a use-after-free issue in blink/webkit.

CVE-2018-18338

    Zhe Jin discovered a buffer overflow issue in the canvas renderer.

CVE-2018-18339

    cloudfuzzer discovered a use-after-free issue in the WebAudio
    implementation.

CVE-2018-18340

    A use-after-free issue was discovered in the MediaRecorder implementation.

CVE-2018-18341

    cloudfuzzer discovered a buffer overflow issue in blink/webkit.

CVE-2018-18342

    Guang Gong discovered an out-of-bounds write issue in the v8 javascript
    library.

CVE-2018-18343

    Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18344

    Jann Horn discovered an error in the Extensions implementation.

CVE-2018-18345

    Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
    feature.

CVE-2018-18346

    Luan Herrera discovered an error in the user interface.

CVE-2018-18347

    Luan Herrera discovered an error in the Navigation implementation.

CVE-2018-18348

    Ahmed Elsobky discovered an error in the omnibox implementation.

CVE-2018-18349

    David Erceg discovered a policy enforcement error.

CVE-2018-18350

    Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18351

    Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18352

    Jun Kokatsu discovered an error in Media handling.

CVE-2018-18353

    Wenxu Wu discovered an error in the network authentication implementation.

CVE-2018-18354

    Wenxu Wu discovered an error related to integration with GNOME Shell.

CVE-2018-18355

    evil1m0 discovered a policy enforcement error.

CVE-2018-18356

    Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18357

    evil1m0 discovered a policy enforcement error.

CVE-2018-18358

    Jann Horn discovered a policy enforcement error.

CVE-2018-18359

    cyrilliu discovered an out-of-bounds read issue in the v8 javascript
    library.

Several additional security relevant issues are also fixed in this update
that have not yet received CVE identifiers.

For the stable distribution (stretch), these problems have been fixed in
version 71.0.3578.80-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-4352-1: chromium-browser security update

December 8, 2018
Several vulnerabilities have been discovered in the chromium web browser

Summary

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480

Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.

CVE-2018-17481

Several use-after-free issues were discovered in the pdfium library.

CVE-2018-18335

A buffer overflow issue was discovered in the skia library.

CVE-2018-18336

Huyna discovered a use-after-free issue in the pdfium library.

CVE-2018-18337

cloudfuzzer discovered a use-after-free issue in blink/webkit.

CVE-2018-18338

Zhe Jin discovered a buffer overflow issue in the canvas renderer.

CVE-2018-18339

cloudfuzzer discovered a use-after-free issue in the WebAudio
implementation.

CVE-2018-18340

A use-after-free issue was discovered in the MediaRecorder implementation.

CVE-2018-18341

cloudfuzzer discovered a buffer overflow issue in blink/webkit.

CVE-2018-18342

Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.

CVE-2018-18343

Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18344

Jann Horn discovered an error in the Extensions implementation.

CVE-2018-18345

Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
feature.

CVE-2018-18346

Luan Herrera discovered an error in the user interface.

CVE-2018-18347

Luan Herrera discovered an error in the Navigation implementation.

CVE-2018-18348

Ahmed Elsobky discovered an error in the omnibox implementation.

CVE-2018-18349

David Erceg discovered a policy enforcement error.

CVE-2018-18350

Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18351

Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18352

Jun Kokatsu discovered an error in Media handling.

CVE-2018-18353

Wenxu Wu discovered an error in the network authentication implementation.

CVE-2018-18354

Wenxu Wu discovered an error related to integration with GNOME Shell.

CVE-2018-18355

evil1m0 discovered a policy enforcement error.

CVE-2018-18356

Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18357

evil1m0 discovered a policy enforcement error.

CVE-2018-18358

Jann Horn discovered a policy enforcement error.

CVE-2018-18359

cyrilliu discovered an out-of-bounds read issue in the v8 javascript
library.

Several additional security relevant issues are also fixed in this update
that have not yet received CVE identifiers.

For the stable distribution (stretch), these problems have been fixed in
version 71.0.3578.80-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : chromium-browser
CVE ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up