Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Chromium
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Chromium
ID: openSUSE-SU-2018:0704-1
Distribution: SUSE
Plattformen: SUSE openSUSE Leap 42.3
Datum: Fr, 16. März 2018, 12:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6078
Applikationen: Chromium

Originalnachricht

   openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0704-1
Rating: important
References: #1084296
Cross-References: CVE-2017-11215 CVE-2017-11225 CVE-2018-6057
CVE-2018-6060 CVE-2018-6061 CVE-2018-6062
CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
CVE-2018-6066 CVE-2018-6067 CVE-2018-6068
CVE-2018-6069 CVE-2018-6070 CVE-2018-6071
CVE-2018-6072 CVE-2018-6073 CVE-2018-6074
CVE-2018-6075 CVE-2018-6076 CVE-2018-6077
CVE-2018-6078 CVE-2018-6079 CVE-2018-6080
CVE-2018-6081 CVE-2018-6082 CVE-2018-6083

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 27 vulnerabilities is now available.

Description:

This update for Chromium to version 65.0.3325.162 fixes the following
issues:

- CVE-2017-11215: Use after free in Flash
- CVE-2017-11225: Use after free in Flash
- CVE-2018-6060: Use after free in Blink
- CVE-2018-6061: Race condition in V8
- CVE-2018-6062: Heap buffer overflow in Skia
- CVE-2018-6057: Incorrect permissions on shared memory
- CVE-2018-6063: Incorrect permissions on shared memory
- CVE-2018-6064: Type confusion in V8
- CVE-2018-6065: Integer overflow in V8
- CVE-2018-6066: Same Origin Bypass via canvas
- CVE-2018-6067: Buffer overflow in Skia
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- CVE-2018-6069: Stack buffer overflow in Skia
- CVE-2018-6070: CSP bypass through extensions
- CVE-2018-6071: Heap bufffer overflow in Skia
- CVE-2018-6072: Integer overflow in PDFium
- CVE-2018-6073: Heap bufffer overflow in WebGL
- CVE-2018-6074: Mark-of-the-Web bypass
- CVE-2018-6075: Overly permissive cross origin downloads
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- CVE-2018-6077: Timing attack using SVG filters
- CVE-2018-6078: URL Spoof in OmniBox
- CVE-2018-6079: Information disclosure via texture data in WebGL
- CVE-2018-6080: Information disclosure in IPC call
- CVE-2018-6081: XSS in interstitials
- CVE-2018-6082: Circumvention of port blocking
- CVE-2018-6083: Incorrect processing of AppManifests


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-264=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (x86_64):

chromedriver-65.0.3325.162-146.1
chromedriver-debuginfo-65.0.3325.162-146.1
chromium-65.0.3325.162-146.1
chromium-debuginfo-65.0.3325.162-146.1
chromium-debugsource-65.0.3325.162-146.1


References:

https://www.suse.com/security/cve/CVE-2017-11215.html
https://www.suse.com/security/cve/CVE-2017-11225.html
https://www.suse.com/security/cve/CVE-2018-6057.html
https://www.suse.com/security/cve/CVE-2018-6060.html
https://www.suse.com/security/cve/CVE-2018-6061.html
https://www.suse.com/security/cve/CVE-2018-6062.html
https://www.suse.com/security/cve/CVE-2018-6063.html
https://www.suse.com/security/cve/CVE-2018-6064.html
https://www.suse.com/security/cve/CVE-2018-6065.html
https://www.suse.com/security/cve/CVE-2018-6066.html
https://www.suse.com/security/cve/CVE-2018-6067.html
https://www.suse.com/security/cve/CVE-2018-6068.html
https://www.suse.com/security/cve/CVE-2018-6069.html
https://www.suse.com/security/cve/CVE-2018-6070.html
https://www.suse.com/security/cve/CVE-2018-6071.html
https://www.suse.com/security/cve/CVE-2018-6072.html
https://www.suse.com/security/cve/CVE-2018-6073.html
https://www.suse.com/security/cve/CVE-2018-6074.html
https://www.suse.com/security/cve/CVE-2018-6075.html
https://www.suse.com/security/cve/CVE-2018-6076.html
https://www.suse.com/security/cve/CVE-2018-6077.html
https://www.suse.com/security/cve/CVE-2018-6078.html
https://www.suse.com/security/cve/CVE-2018-6079.html
https://www.suse.com/security/cve/CVE-2018-6080.html
https://www.suse.com/security/cve/CVE-2018-6081.html
https://www.suse.com/security/cve/CVE-2018-6082.html
https://www.suse.com/security/cve/CVE-2018-6083.html
https://bugzilla.suse.com/1084296

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung