Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

openSUSE Leap 42.3: SUSE-SU-2018:3396-1 Important: Chromium Fixes

opensuse
Calendar Grey October 24, 2018
Dist Opensuse Esm H88
This crucial enhancement for Fedora addresses various vulnerabilities in Firefox, improving both safety and efficiency.
An update that fixes 17 vulnerabilities is now available.

Description

This update for Chromium to version 70.0.3538.67 fixes multiple issues.

Security issues fixed (bsc#1112111):

- CVE-2018-17462: Sandbox escape in AppCache

- CVE-2018-17463: Remote code execution in V8

- Heap buffer overflow in Little CMS in PDFium

- CVE-2018-17464: URL spoof in Omnibox

- CVE-2018-17465: Use after free in V8

- CVE-2018-17466: Memory corruption in Angle

- CVE-2018-17467: URL spoof in Omnibox

- CVE-2018-17468: Cross-origin URL disclosure in Blink

- CVE-2018-17469: Heap buffer overflow in PDFium

- CVE-2018-17470: Memory corruption in GPU Internals

- CVE-2018-17471: Security UI occlusion in full screen mode

- CVE-2018-17473: URL spoof in Omnibox

- CVE-2018-17474: Use after free in Blink

- CVE-2018-17475: URL spoof in Omnibox

- CVE-2018-17476: Security UI occlusion in full screen mode

- CVE-2018-5179: Lack of limits on update() in ServiceWorker

- CVE-2018-17477: UI spoof in Extensions

VAAPI hardware accelerated...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1253=1

Package List

- openSUSE Leap 42.3 (x86_64):

chromedriver-70.0.3538.67-179.1

chromedriver-debuginfo-70.0.3538.67-179.1

chromium-70.0.3538.67-179.1

chromium-debuginfo-70.0.3538.67-179.1

chromium-debugsource-70.0.3538.67-179.1

References

https://www.suse.com/security/cve/CVE-2018-17462.html

https://www.suse.com/security/cve/CVE-2018-17463.html

https://www.suse.com/security/cve/CVE-2018-17464.html

https://www.suse.com/security/cve/CVE-2018-17465.html

https://www.suse.com/security/cve/CVE-2018-17466.html

https://www.suse.com/security/cve/CVE-2018-17467.html

https://www.suse.com/security/cve/CVE-2018-17468.html

https://www.suse.com/security/cve/CVE-2018-17469.html

https://www.suse.com/security/cve/CVE-2018-17470.html

https://www.suse.com/security/cve/CVE-2018-17471.html

https://www.suse.com/security/cve/CVE-2018-17472.html

https://www.suse.com/security/cve/CVE-2018-17473.html

https://www.suse.com/security/cve/CVE-2018-17474.html

https://www.suse.com/security/cve/CVE-2018-17475.html

https://www.suse.com/security/cve/CVE-2018-17476.html

https://www.suse.com/security/cve/CVE-2018-17477.html

https://www.suse.com/security/cve/CVE-2018-5179.html

https://bugzilla.suse.com/1112111

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:3396-1
Rating: important
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.