Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 27: 2018-812b5d5a71 Critical: Chromium Buffer Overflow

fedora
Calendar Grey June 5, 2018
Dist Fedora Esm H88
Fedora 27 users must update Chromium to fix serious vulnerabilities that may allow code execution and data leaks, ensuring system security and integrity
Update to 66.0.3359.181

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086

CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091

CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096

CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101

CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106

CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111

CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117

CVE-2018-6118 CVE-2018-6121 CVE-2018-6122 CVE-2018-6120

* Wed May 23 2018 Tom Callaway 66.0.3359.181-2

- fix missing files

* Mon May 21 2018 Tom Callaway 66.0.3359.181-1

- update to 66.0.3359.181

* Tue May 15 2018 Tom Callaway 66.0.3359.170-2

- only x86_64 i686 have swiftshader

- fix gcc8 alignof issue on i686

* Mon May 14 2018 Tom Callaway 66.0.3359.170-1

- update to 66.0.3359.170

- include swiftshader files

* Tue May 1 2018 Tom Callaway 66.0.3359.139-1

- update to 66.0.3359.139

* Wed Apr 18 2018 Tom Callaway 66.0.3359.117-1

- update to 66.0.3359.117

* Tue Apr 17 2018 Tom Callaway 65.0.3325.181-3

- use system fontconfig (except on epel7)

* Wed Apr 4 2018 Tom Callaway 65.0.3325.181-2

- add explicit dependency on minizip (bz 1534282)

* Wed Mar 28 2018 Tom Callaway

- check that there is no system 'google' module, shadowing bundled ones

- conditionalize api keys (on by default)

* Wed Mar 21 2018 Tom Callaway 65.0.3325.181-1

- update to 65.0.3325.181

* Mon Mar 19 2018 Tom Callaway 65.0.3325.162-3

- use bundled libdrm on epel7

* Fri Mar 16 2018 Tom Callaway 65.0.3325.162-2

- disable StartupNotify in chromium-browser.desktop (not in google-chrome desktop file)

(bz1545241)

- use bundled freetype on epel7

* Wed Mar 14 2018 Tom Callaway 65.0.3325.162-1

- update to 65.0.3325.162

* Wed Mar 7 2018 Tom Callaway 65.0.3325.146-1

- update to 65.0.3325.146

* Mon Mar 5 2018 Tom Callaway 64.0.3282.186-1

- update to 64.0.3282.186

* Fri Feb 16 2018 Tom Callaway 64.0.3282.167-1

- update to 64.0.3282.167

- include workaround for gcc8 bug in gn

- disable unnecessary aarch64 glibc symbol change

* Fri Feb 2 2018 Tom Callaway 64.0.3282.140-1

- update to 64.0.3282.140

* Thu Feb 1 2018 Tom Callaway 64.0.3282.119-2

- include user-session binary in chrome-remote-desktop subpackage

* Thu Jan 25 2018 Tom Callaway 64.0.3282.119-1

- update to 64.0.3282.119

* Fri Dec 15 2017 Tomas Popela 63.0.3239.108-1

- Update to 63.0.3239.108

* Thu Dec 7 2017 Tom Callaway 63.0.3239.84-1

- update to 63.0.3239.84

* Wed Nov 8 2017 Tom Callaway 62.0.3202.89-1

- update to 62.0.3202.89

* Fri Oct 27 2017 Tom Callaway 62.0.3202.75-1

- update to 62.0.3202.75

- use devtoolset-7-toolchain to build on epel7

* Tue Oct 24 2017 Tom Callaway 62.0.3202.62-1.1

- do not attempt std=c++14 on epel7

* Wed Oct 18 2017 Tom Callaway 62.0.3202.62-1

- update to 62.0.3202.62

[ 1 ] Bug #1577115 - CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1577115

[ 2 ] Bug #1577114 - CVE-2018-6122 chromium-browser: Type confusion in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1577114

[ 3 ] Bug #1577113 - CVE-2018-6121 chromium-browser: Privilege Escalation in extensions

https://bugzilla.redhat.com/show_bug.cgi?id=1577113

[ 4 ] Bug #1573856 - CVE-2018-6118 chromium-browser: Use after free in Media Cache

https://bugzilla.redhat.com/show_bug.cgi?id=1573856

[ 5 ] Bug #1568797 - CVE-2018-6117 chromium-browser: Confusing autofill settings

https://bugzilla.redhat.com/show_bug.cgi?id=1568797

[ 6 ] Bug #1568796 - CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly

https://bugzilla.redhat.com/show_bug.cgi?id=1568796

[ 7 ] Bug #1568795 - CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads

https://bugzilla.redhat.com/show_bug.cgi?id=1568795

[ 8 ] Bug #1568794 - CVE-2018-6114 chromium-browser: CSP bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1568794

[ 9 ] Bug #1568793 - CVE-2018-6113 chromium-browser: URL spoof in Navigation

https://bugzilla.redhat.com/show_bug.cgi?id=1568793

[ 10 ] Bug #1568792 - CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools

https://bugzilla.redhat.com/show_bug.cgi?id=1568792

[ 11 ] Bug #1568791 - CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools

https://bugzilla.redhat.com/show_bug.cgi?id=1568791

[ 12 ] Bug #1568790 - CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://

https://bugzilla.redhat.com/show_bug.cgi?id=1568790

[ 13 ] Bug #1568789 - CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI

https://bugzilla.redhat.com/show_bug.cgi?id=1568789

[ 14 ] Bug #1568788 - CVE-2018-6108 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568788

[ 15 ] Bug #1568787 - CVE-2018-6107 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568787

[ 16 ] Bug #1568786 - CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8

https://bugzilla.redhat.com/show_bug.cgi?id=1568786

[ 17 ] Bug #1568785 - CVE-2018-6105 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568785

[ 18 ] Bug #1568782 - CVE-2018-6104 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568782

[ 19 ] Bug #1568781 - CVE-2018-6103 chromium-browser: UI spoof in Permissions

https://bugzilla.redhat.com/show_bug.cgi?id=1568781

[ 20 ] Bug #1568780 - CVE-2018-6102 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568780

[ 21 ] Bug #1568779 - CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools

https://bugzilla.redhat.com/show_bug.cgi?id=1568779

[ 22 ] Bug #1568778 - CVE-2018-6100 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568778

[ 23 ] Bug #1568777 - CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker

https://bugzilla.redhat.com/show_bug.cgi?id=1568777

[ 24 ] Bug #1568776 - CVE-2018-6098 chromium-browser: URL spoof in Omnibox

https://bugzilla.redhat.com/show_bug.cgi?id=1568776

[ 25 ] Bug #1568775 - CVE-2018-6097 chromium-browser: Fullscreen UI spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1568775

[ 26 ] Bug #1568774 - CVE-2018-6096 chromium-browser: Fullscreen UI spoof

https://bugzilla.redhat.com/show_bug.cgi?id=1568774

[ 27 ] Bug #1568773 - CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload

https://bugzilla.redhat.com/show_bug.cgi?id=1568773

[ 28 ] Bug #1568771 - CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan

https://bugzilla.redhat.com/show_bug.cgi?id=1568771

[ 29 ] Bug #1568770 - CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker

https://bugzilla.redhat.com/show_bug.cgi?id=1568770

[ 30 ] Bug #1568769 - CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly

https://bugzilla.redhat.com/show_bug.cgi?id=1568769

[ 31 ] Bug #1568767 - CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker

https://bugzilla.redhat.com/show_bug.cgi?id=1568767

[ 32 ] Bug #1568766 - CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia

https://bugzilla.redhat.com/show_bug.cgi?id=1568766

[ 33 ] Bug #1568765 - CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker

https://bugzilla.redhat.com/show_bug.cgi?id=1568765

[ 34 ] Bug #1568764 - CVE-2018-6088 chromium-browser: Use after free in PDFium

https://bugzilla.redhat.com/show_bug.cgi?id=1568764

[ 35 ] Bug #1568763 - CVE-2018-6087 chromium-browser: Use after free in WebAssembly

https://bugzilla.redhat.com/show_bug.cgi?id=1568763

[ 36 ] Bug #1568762 - CVE-2018-6086 chromium-browser: Use after free in Disk Cache

https://bugzilla.redhat.com/show_bug.cgi?id=1568762

[ 37 ] Bug #1568761 - CVE-2018-6085 chromium-browser: Use after free in Disk Cache

https://bugzilla.redhat.com/show_bug.cgi?id=1568761

su -c 'dnf upgrade --advisory FEDORA-2018-812b5d5a71' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3R4UPGKKZ56KTGNOT2UBMDZTWJQWIM3/

Topics%20covered

Topics Covered

security advisory buffer overflow critical software update Fedora Chromium

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 66.0.3359.181
Release: 2.fc27
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser

Topics%20covered

Topics Covered

security advisory buffer overflow critical software update Fedora Chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here