Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4103-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertJanuary 31, 2018 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromium-browserCVE ID : CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054Several vulnerabilities have been discovered in the chromium web browser.CVE-2017-15420 Drew Springall discovered a URL spoofing issue.CVE-2017-15429 A cross-site scripting issue was discovered in the v8 javascript library.CVE-2018-6031 A use-after-free issue was discovered in the pdfium library.CVE-2018-6032 Jun Kokatsu discovered a way to bypass the same origin policy.CVE-2018-6033 Juho Nurminen discovered a race condition when opening downloaded files.CVE-2018-6034 Tobias Klein discovered an integer overflow issue.CVE-2018-6035 Rob Wu discovered a way for extensions to access devtools.CVE-2018-6036 UK's National Cyper Security Centre discovered an integer overflow issue.CVE-2018-6037 Paul Stone discovered an issue in the autofill feature.CVE-2018-6038 cloudfuzzer discovered a buffer overflow issue.CVE-2018-6039 Juho Nurminen discovered a cross-site scripting issue in the developer tools.CVE-2018-6040 WenXu Wu discovered a way to bypass the content security policy.CVE-2018-6041 Luan Herrera discovered a URL spoofing issue.CVE-2018-6042 Khalil Zhani discovered a URL spoofing issue.CVE-2018-6043 A character escaping issue was discovered.CVE-2018-6045 Rob Wu discovered a way for extensions to access devtools.CVE-2018-6046 Rob Wu discovered a way for extensions to access devtools.CVE-2018-6047 Masato Kinugawa discovered an information leak issue.CVE-2018-6048 Jun Kokatsu discoverd a way to bypass the referrer policy.CVE-2018-6049 WenXu Wu discovered a user interface spoofing issue.CVE-2018-6050 Jonathan Kew discovered a URL spoofing issue.CVE-2018-6051 Anonio Sanso discovered an information leak issue.CVE-2018-6052 Tanner Emek discovered that the referrer policy implementation was incomplete.CVE-2018-6053 Asset Kabdenov discoved an information leak issue.CVE-2018-6054 Rob Wu discovered a use-after-free issue.For the oldstable distribution (jessie), security support for chromiumhas been discontinued.For the stable distribution (stretch), these problems have been fixed inversion 64.0.3282.119-1~deb9u1.We recommend that you upgrade your chromium-browser packages.For the detailed security status of chromium-browser please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromium-browserFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlpygoUACgkQuNayzQLW9HNBhh/+Ikg1SNGsaEWkuJNv4js8jx2fsnDA1980/XVufw+qltdbPmK12qzer1W5CjDD/MlBA5umM6IZITNzA/Wo+B+icIP2fxduPb+B3ujO0yJpq392XkgskdgR1Rxycm4DPFIZpuO1zR6OaemmG4ySJBtwaZvZguP3tz2auhmMHDCQtdxltzgiE+Lt6GmvP5hTjJK3WwbSIfZiJXe0f0Zqu9b0eardXNdOTYwpwzZG65ZHwhANLCx3gzCMK63t0oWBT+rR6odkc1esGFs3CTr6vXicy/ZICBbUEOcI2DXCovVeJKtuRg3H9Memdh51Sqd6rX1j0kgm4QPBIYIsyAZMmjcInCdd5f0tGXkrXXvm35K2WNudZR6OIp9zK4BSscn6YR7CwdNVaKXxKJfCmJJH+8Z9s9tNkROL2OxxOFq27uJY3VTLoT8qUQL/yn4jUBpLwf5t9iRvOdMRFpA2Nwhwq1/QxMJwIYlLP/oMwF3zBlRjwGaGbpAtVCS5193gTBF3GZ3Za+f3jUODo9kz8Qcq8QiIo/pg6j1cJHGvepJ/3FjH+ZuAwJcaKqcWrcqEkZMjsqU2QGNNvwEwUAQeYsQ61oKwVlnJnBTWQcXw1v5sCCic2B/qQBYQzf4AgujHVO/3Fm4u7WoR7lNUtoauutEcOceGYcjZ+2kJlz0Hb+j3mAlQo6GVPMXup3/nA08vaswU1kVE+//zmV00v8TTxbY4+EjYZTwPN7XOMQoeAD3b0FVRv8gM78mUOvFkMwqI1m3BhcHTIOCQzpIpbwyAjjRqhd6rFo5O19yCn4gUAzcI2BN88Jg/zp2LmFcg6orlA1kXGJSDVjiU+ZS+XJqNmqqmZ4hOjuMIC/yqIMsSbtHDX8oT3Tv1pD+uch7tOJzPJncLCS6jzfPliIgzQMb+XFeMlURu+4zV+UsyGZ/MXq9AM8sLqKDbNEM8IPs7/XTzZ4k98t8q0qAZhRlV08KfsvVR3wXn09ps9vuXGKYcDVEy3jlVaIeI8LaV41Uwd81UJS9Pp0cDPrcDl12JxMuylxs72z9rzBIGA9qyEFvUKx5RrHOE+dVdcLrHL98J8s/MZm2HCuJD1Vm+IIYnkb6aDnul06aEy/81zLaBG3JJXVmaR/7VVasG6h1rKuKQIyXhcFg/sbLKJ1PZlCM7YLS3riN1Mm3lCp9fRBee9uwkGLneMGjIx/Q4bB46xaUYGO2/3NM8BQhu2DiaQ59b1+v8UE2ZUANcbVmprFs2mLnVHNtqhtPasSFGtwai3NLnxiMd08AY9klH40qwA7Ci/GU2dohpBJegCghY4bMDcBS66CR92oP1qq+6+lp8fJOXJFNoBHL2VKcvNbAow1HdkTTEtn8Di8nqig===7D0d-----END PGP SIGNATURE-----