Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Chromium
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Chromium
ID: openSUSE-SU-2018:1437-1
Distribution: SUSE
Plattformen: SUSE Package Hub for SUSE Linux Enterprise 12
Datum: So, 27. Mai 2018, 19:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6068
Applikationen: Chromium

Originalnachricht

   openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1437-1
Rating: important
References: #1084296 #1086124 #1090000 #1091288 #1092272
#1092923 #1093031
Cross-References: CVE-2017-11215 CVE-2017-11225 CVE-2018-6057
CVE-2018-6060 CVE-2018-6061 CVE-2018-6062
CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
CVE-2018-6066 CVE-2018-6067 CVE-2018-6068
CVE-2018-6069 CVE-2018-6070 CVE-2018-6071
CVE-2018-6072 CVE-2018-6073 CVE-2018-6074
CVE-2018-6075 CVE-2018-6076 CVE-2018-6077
CVE-2018-6078 CVE-2018-6079 CVE-2018-6080
CVE-2018-6081 CVE-2018-6082 CVE-2018-6083
CVE-2018-6085 CVE-2018-6086 CVE-2018-6087
CVE-2018-6088 CVE-2018-6089 CVE-2018-6090
CVE-2018-6091 CVE-2018-6092 CVE-2018-6093
CVE-2018-6094 CVE-2018-6095 CVE-2018-6096
CVE-2018-6097 CVE-2018-6098 CVE-2018-6099
CVE-2018-6100 CVE-2018-6101 CVE-2018-6102
CVE-2018-6103 CVE-2018-6104 CVE-2018-6105
CVE-2018-6106 CVE-2018-6107 CVE-2018-6108
CVE-2018-6109 CVE-2018-6110 CVE-2018-6111
CVE-2018-6112 CVE-2018-6113 CVE-2018-6114
CVE-2018-6115 CVE-2018-6116 CVE-2018-6117
CVE-2018-6118 CVE-2018-6120 CVE-2018-6121
CVE-2018-6122
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 64 vulnerabilities is now available.

Description:

This update for Chromium to version 66.0.3359.181 fixes the following
issues:

- CVE-2018-6118: Use after free in Media Cache (bsc#1091288)
- CVE-2018-6085: Use after free in Disk Cache
- CVE-2018-6086: Use after free in Disk Cache
- CVE-2018-6087: Use after free in WebAssembly
- CVE-2018-6088: Use after free in PDFium
- CVE-2018-6089: Same origin policy bypass in Service Worker
- CVE-2018-6090: Heap buffer overflow in Skia
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- CVE-2018-6092: Integer overflow in WebAssembly
- CVE-2018-6093: Same origin bypass in Service Worker
- CVE-2018-6094: Exploit hardening regression in Oilpan
- CVE-2018-6095: Lack of meaningful user interaction requirement before
file upload
- CVE-2018-6096: Fullscreen UI spoof
- CVE-2018-6097: Fullscreen UI spoof
- CVE-2018-6098: URL spoof in Omnibox
- CVE-2018-6099: CORS bypass in ServiceWorker
- CVE-2018-6100: URL spoof in Omnibox
- CVE-2018-6101: Insufficient protection of remote debugging prototol in
DevTools
- CVE-2018-6102: URL spoof in Omnibox
- CVE-2018-6103: UI spoof in Permissions
- CVE-2018-6104: URL spoof in Omnibox
- CVE-2018-6105: URL spoof in Omnibox
- CVE-2018-6106: Incorrect handling of promises in V8
- CVE-2018-6107: URL spoof in Omnibox
- CVE-2018-6108: URL spoof in Omnibox
- CVE-2018-6109: Incorrect handling of files by FileAPI
- CVE-2018-6110: Incorrect handling of plaintext files via file://
- CVE-2018-6111: Heap-use-after-free in DevTools
- CVE-2018-6112: Incorrect URL handling in DevTools
- CVE-2018-6113: URL spoof in Navigation
- CVE-2018-6114: CSP bypass
- CVE-2018-6115: SmartScreen bypass in downloads
- CVE-2018-6116: Incorrect low memory handling in WebAssembly
- CVE-2018-6117: Confusing autofill settings
- CVE-2017-11215: Use after free in Flash
- CVE-2017-11225: Use after free in Flash
- CVE-2018-6060: Use after free in Blink
- CVE-2018-6061: Race condition in V8
- CVE-2018-6062: Heap buffer overflow in Skia
- CVE-2018-6057: Incorrect permissions on shared memory
- CVE-2018-6063: Incorrect permissions on shared memory
- CVE-2018-6064: Type confusion in V8
- CVE-2018-6065: Integer overflow in V8
- CVE-2018-6066: Same Origin Bypass via canvas
- CVE-2018-6067: Buffer overflow in Skia
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- CVE-2018-6069: Stack buffer overflow in Skia
- CVE-2018-6070: CSP bypass through extensions
- CVE-2018-6071: Heap bufffer overflow in Skia
- CVE-2018-6072: Integer overflow in PDFium
- CVE-2018-6073: Heap bufffer overflow in WebGL
- CVE-2018-6074: Mark-of-the-Web bypass
- CVE-2018-6075: Overly permissive cross origin downloads
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- CVE-2018-6077: Timing attack using SVG filters
- CVE-2018-6078: URL Spoof in OmniBox
- CVE-2018-6079: Information disclosure via texture data in WebGL
- CVE-2018-6080: Information disclosure in IPC call
- CVE-2018-6081: XSS in interstitials
- CVE-2018-6082: Circumvention of port blocking
- CVE-2018-6083: Incorrect processing of AppManifests
- CVE-2018-6121: Privilege Escalation in extensions
- CVE-2018-6122: Type confusion in V8
- CVE-2018-6120: Heap buffer overflow in PDFium
- bsc#1086124: Various fixes from internal audits, fuzzing and other
initiatives

This update also supports mitigation against the Spectre vulnerabilities:

"Strict site isolation" is disabled for most users and can be turned
on
via: chrome://flags/#enable-site-per-process

This feature is undergoing a small percentage trial. Out out of the trial
is possible via: chrome://flags/#site-isolation-trial-opt-out


The following tracked packaging bug were fixed:

- Chromium could not be installed from SUSE PackageHub 12 without having
the SDK enabled (bsc#1070421)
- Chromium could not be installed when libminizip1 was not available
(bsc#1093031)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-436=1



Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 x86_64):

chromedriver-66.0.3359.181-55.1
chromedriver-debuginfo-66.0.3359.181-55.1
chromium-66.0.3359.181-55.1
chromium-debuginfo-66.0.3359.181-55.1
chromium-debugsource-66.0.3359.181-55.1


References:

https://www.suse.com/security/cve/CVE-2017-11215.html
https://www.suse.com/security/cve/CVE-2017-11225.html
https://www.suse.com/security/cve/CVE-2018-6057.html
https://www.suse.com/security/cve/CVE-2018-6060.html
https://www.suse.com/security/cve/CVE-2018-6061.html
https://www.suse.com/security/cve/CVE-2018-6062.html
https://www.suse.com/security/cve/CVE-2018-6063.html
https://www.suse.com/security/cve/CVE-2018-6064.html
https://www.suse.com/security/cve/CVE-2018-6065.html
https://www.suse.com/security/cve/CVE-2018-6066.html
https://www.suse.com/security/cve/CVE-2018-6067.html
https://www.suse.com/security/cve/CVE-2018-6068.html
https://www.suse.com/security/cve/CVE-2018-6069.html
https://www.suse.com/security/cve/CVE-2018-6070.html
https://www.suse.com/security/cve/CVE-2018-6071.html
https://www.suse.com/security/cve/CVE-2018-6072.html
https://www.suse.com/security/cve/CVE-2018-6073.html
https://www.suse.com/security/cve/CVE-2018-6074.html
https://www.suse.com/security/cve/CVE-2018-6075.html
https://www.suse.com/security/cve/CVE-2018-6076.html
https://www.suse.com/security/cve/CVE-2018-6077.html
https://www.suse.com/security/cve/CVE-2018-6078.html
https://www.suse.com/security/cve/CVE-2018-6079.html
https://www.suse.com/security/cve/CVE-2018-6080.html
https://www.suse.com/security/cve/CVE-2018-6081.html
https://www.suse.com/security/cve/CVE-2018-6082.html
https://www.suse.com/security/cve/CVE-2018-6083.html
https://www.suse.com/security/cve/CVE-2018-6085.html
https://www.suse.com/security/cve/CVE-2018-6086.html
https://www.suse.com/security/cve/CVE-2018-6087.html
https://www.suse.com/security/cve/CVE-2018-6088.html
https://www.suse.com/security/cve/CVE-2018-6089.html
https://www.suse.com/security/cve/CVE-2018-6090.html
https://www.suse.com/security/cve/CVE-2018-6091.html
https://www.suse.com/security/cve/CVE-2018-6092.html
https://www.suse.com/security/cve/CVE-2018-6093.html
https://www.suse.com/security/cve/CVE-2018-6094.html
https://www.suse.com/security/cve/CVE-2018-6095.html
https://www.suse.com/security/cve/CVE-2018-6096.html
https://www.suse.com/security/cve/CVE-2018-6097.html
https://www.suse.com/security/cve/CVE-2018-6098.html
https://www.suse.com/security/cve/CVE-2018-6099.html
https://www.suse.com/security/cve/CVE-2018-6100.html
https://www.suse.com/security/cve/CVE-2018-6101.html
https://www.suse.com/security/cve/CVE-2018-6102.html
https://www.suse.com/security/cve/CVE-2018-6103.html
https://www.suse.com/security/cve/CVE-2018-6104.html
https://www.suse.com/security/cve/CVE-2018-6105.html
https://www.suse.com/security/cve/CVE-2018-6106.html
https://www.suse.com/security/cve/CVE-2018-6107.html
https://www.suse.com/security/cve/CVE-2018-6108.html
https://www.suse.com/security/cve/CVE-2018-6109.html
https://www.suse.com/security/cve/CVE-2018-6110.html
https://www.suse.com/security/cve/CVE-2018-6111.html
https://www.suse.com/security/cve/CVE-2018-6112.html
https://www.suse.com/security/cve/CVE-2018-6113.html
https://www.suse.com/security/cve/CVE-2018-6114.html
https://www.suse.com/security/cve/CVE-2018-6115.html
https://www.suse.com/security/cve/CVE-2018-6116.html
https://www.suse.com/security/cve/CVE-2018-6117.html
https://www.suse.com/security/cve/CVE-2018-6118.html
https://www.suse.com/security/cve/CVE-2018-6120.html
https://www.suse.com/security/cve/CVE-2018-6121.html
https://www.suse.com/security/cve/CVE-2018-6122.html
https://bugzilla.suse.com/1084296
https://bugzilla.suse.com/1086124
https://bugzilla.suse.com/1090000
https://bugzilla.suse.com/1091288
https://bugzilla.suse.com/1092272
https://bugzilla.suse.com/1092923
https://bugzilla.suse.com/1093031

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung