Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Chromium
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Chromium
ID: DSA-4103-1
Distribution: Debian
Plattformen: Debian stretch
Datum: Do, 1. Februar 2018, 06:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6039
Applikationen: Chromium

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4103-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
January 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032
CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036
CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040
CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049
CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053
CVE-2018-6054

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15420

Drew Springall discovered a URL spoofing issue.

CVE-2017-15429

A cross-site scripting issue was discovered in the v8 javascript
library.

CVE-2018-6031

A use-after-free issue was discovered in the pdfium library.

CVE-2018-6032

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6033

Juho Nurminen discovered a race condition when opening downloaded
files.

CVE-2018-6034

Tobias Klein discovered an integer overflow issue.

CVE-2018-6035

Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6036

UK's National Cyper Security Centre discovered an integer overflow
issue.

CVE-2018-6037

Paul Stone discovered an issue in the autofill feature.

CVE-2018-6038

cloudfuzzer discovered a buffer overflow issue.

CVE-2018-6039

Juho Nurminen discovered a cross-site scripting issue in the
developer tools.

CVE-2018-6040

WenXu Wu discovered a way to bypass the content security policy.

CVE-2018-6041

Luan Herrera discovered a URL spoofing issue.

CVE-2018-6042

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6043

A character escaping issue was discovered.

CVE-2018-6045

Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6046

Rob Wu discovered a way for extensions to access devtools.

CVE-2018-6047

Masato Kinugawa discovered an information leak issue.

CVE-2018-6048

Jun Kokatsu discoverd a way to bypass the referrer policy.

CVE-2018-6049

WenXu Wu discovered a user interface spoofing issue.

CVE-2018-6050

Jonathan Kew discovered a URL spoofing issue.

CVE-2018-6051

Anonio Sanso discovered an information leak issue.

CVE-2018-6052

Tanner Emek discovered that the referrer policy implementation
was incomplete.

CVE-2018-6053

Asset Kabdenov discoved an information leak issue.

CVE-2018-6054

Rob Wu discovered a use-after-free issue.

For the oldstable distribution (jessie), security support for chromium
has been discontinued.

For the stable distribution (stretch), these problems have been fixed in
version 64.0.3282.119-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlpygoUACgkQuNayzQLW
9HNBhh/+Ikg1SNGsaEWkuJNv4js8jx2fsnDA1980/XVufw+qltdbPmK12qzer1W5
CjDD/MlBA5umM6IZITNzA/Wo+B+icIP2fxduPb+B3ujO0yJpq392XkgskdgR1Rxy
cm4DPFIZpuO1zR6OaemmG4ySJBtwaZvZguP3tz2auhmMHDCQtdxltzgiE+Lt6Gmv
P5hTjJK3WwbSIfZiJXe0f0Zqu9b0eardXNdOTYwpwzZG65ZHwhANLCx3gzCMK63t
0oWBT+rR6odkc1esGFs3CTr6vXicy/ZICBbUEOcI2DXCovVeJKtuRg3H9Memdh51
Sqd6rX1j0kgm4QPBIYIsyAZMmjcInCdd5f0tGXkrXXvm35K2WNudZR6OIp9zK4BS
scn6YR7CwdNVaKXxKJfCmJJH+8Z9s9tNkROL2OxxOFq27uJY3VTLoT8qUQL/yn4j
UBpLwf5t9iRvOdMRFpA2Nwhwq1/QxMJwIYlLP/oMwF3zBlRjwGaGbpAtVCS5193g
TBF3GZ3Za+f3jUODo9kz8Qcq8QiIo/pg6j1cJHGvepJ/3FjH+ZuAwJcaKqcWrcqE
kZMjsqU2QGNNvwEwUAQeYsQ61oKwVlnJnBTWQcXw1v5sCCic2B/qQBYQzf4AgujH
VO/3Fm4u7WoR7lNUtoauutEcOceGYcjZ+2kJlz0Hb+j3mAlQo6GVPMXup3/nA08v
aswU1kVE+//zmV00v8TTxbY4+EjYZTwPN7XOMQoeAD3b0FVRv8gM78mUOvFkMwqI
1m3BhcHTIOCQzpIpbwyAjjRqhd6rFo5O19yCn4gUAzcI2BN88Jg/zp2LmFcg6orl
A1kXGJSDVjiU+ZS+XJqNmqqmZ4hOjuMIC/yqIMsSbtHDX8oT3Tv1pD+uch7tOJzP
JncLCS6jzfPliIgzQMb+XFeMlURu+4zV+UsyGZ/MXq9AM8sLqKDbNEM8IPs7/XTz
Z4k98t8q0qAZhRlV08KfsvVR3wXn09ps9vuXGKYcDVEy3jlVaIeI8LaV41Uwd81U
JS9Pp0cDPrcDl12JxMuylxs72z9rzBIGA9qyEFvUKx5RrHOE+dVdcLrHL98J8s/M
Zm2HCuJD1Vm+IIYnkb6aDnul06aEy/81zLaBG3JJXVmaR/7VVasG6h1rKuKQIyXh
cFg/sbLKJ1PZlCM7YLS3riN1Mm3lCp9fRBee9uwkGLneMGjIx/Q4bB46xaUYGO2/
3NM8BQhu2DiaQ59b1+v8UE2ZUANcbVmprFs2mLnVHNtqhtPasSFGtwai3NLnxiMd
08AY9klH40qwA7Ci/GU2dohpBJegCghY4bMDcBS66CR92oP1qq+6+lp8fJOXJFNo
BHL2VKcvNbAow1HdkTTEtn8Di8nqig==
=7D0d
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung