Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4237-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertJune 30, 2018 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromium-browserCVE ID : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149Several vulnerabilities have been discovered in the chromium web browser.CVE-2018-6118 Ned Williamson discovered a use-after-free issue.CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library.CVE-2018-6121 It was discovered that malicious extensions could escalate privileges.CVE-2018-6122 A type confusion issue was discovered in the v8 javascript library.CVE-2018-6123 Looben Yang discovered a use-after-free issue.CVE-2018-6124 Guang Gong discovered a type confusion issue.CVE-2018-6125 Yubico discovered that the WebUSB implementation was too permissive.CVE-2018-6126 Ivan Fratric discovered a buffer overflow issue in the skia library.CVE-2018-6127 Looben Yang discovered a use-after-free issue.CVE-2018-6129 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.CVE-2018-6130 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.CVE-2018-6131 Natalie Silvanovich discovered an error in WebAssembly.CVE-2018-6132 Ronald E. Crane discovered an uninitialized memory issue.CVE-2018-6133 Khalil Zhani discovered a URL spoofing issue.CVE-2018-6134 Jun Kokatsu discovered a way to bypass the Referrer Policy.CVE-2018-6135 Jasper Rebane discovered a user interface spoofing issue.CVE-2018-6136 Peter Wong discovered an out-of-bounds read issue in the v8 javascript library.CVE-2018-6137 Michael Smith discovered an information leak.CVE-2018-6138 François Lajeunesse-Robert discovered that the extensions policy was too permissive.CVE-2018-6139 Rob Wu discovered a way to bypass restrictions in the debugger extension.CVE-2018-6140 Rob Wu discovered a way to bypass restrictions in the debugger extension.CVE-2018-6141 Yangkang discovered a buffer overflow issue in the skia library.CVE-2018-6142 Choongwoo Han discovered an out-of-bounds read in the v8 javascript library.CVE-2018-6143 Guang Gong discovered an out-of-bounds read in the v8 javascript library.CVE-2018-6144 pdknsk discovered an out-of-bounds read in the pdfium library.CVE-2018-6145 Masato Kinugawa discovered an error in the MathML implementation.CVE-2018-6147 Michail Pishchagin discovered an error in password entry fields.CVE-2018-6148 Michał Bentkowski discovered that the Content Security Policy header was handled incorrectly.CVE-2018-6149 Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the v8 javascript library.For the stable distribution (stretch), these problems have been fixed inversion 67.0.3396.87-1~deb9u1.We recommend that you upgrade your chromium-browser packages.For the detailed security status of chromium-browser please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromium-browserFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAls4J2QACgkQuNayzQLW9HP9zR/+OKevx5/QJndGvdxJ/gce4jMx9iqd8nrMEDNeHobwaMS9z44yCjgHo0NYrOQcgxf3ATASJHfokrpKi6mkRO3bnyytu8VB2ekGdHN3WCab84RXR+9BddNrVQDmmc1cCH35ZjJiLYz/h9xvowyeJb8hR6GgfL14BZPFcJkyHgyDjKPa4nCZKLCnIJqM4CWwU0msAkqEMtzF0YgEtk6oaNT5h6GCd/lkFxa0Wkl6KRjTgS56FU84UT64mpQMrq4Y0xtYlTsrOYXzcn1tnXCXfkBKke6Ck4SPepfSS8RO73+8a/LfHRGQKMOCOh1MhT0jp/cMIwc78/Zk1+ohXiIre1HWatsS1UbMhNV7rwSl1V4etlC+KKQxEai3R8DNNY0HikvtIVmpDWnk9wLzzjUKVQPtj/EHNNW1d7miArS1Y9wvLSA5UeuWFDUrU2nD+zbrrJLz60cWpt4DVswavUhZz+xjxqvaC1SrYTXieOjKan6HV5ULYOnwApQ78NVhbBbs62mwHavAhWmNUcuykUgr1ZG3aaqXiWE1QBMIEvU52n736qG1OXlOLnBJJjAQVMs7DEF9ZASHQkO+CMCA6L2yBVKLvFv+bd46na4LwIo9/eJ3GDUOz6xLkJEgL2Aua3nELYeh4BjO89Sy7Mb4omwGzkO6HjZxmDVCXINdZSX4yqHe//LKWoeJ5l6om73wBhnYhvQYYImvwjl9DA5NDllDaCiUbwsdDQFCOzEcs7j9USk/kzCTFgXZwvzAqeNJyN/3YlP2s2pcFkoHPG3spwPjKw9dQi1oKGcThF//q1hm6mlyVYP0/8AfRCBaz7RkArdTB7XIULvocaJXCxUczvN9uZ8P7SOBIMJ0kdOgoPDnelaA08s8uBh5cmVYs8RPdGa/x0IML3JPdfc2PYueLyBK9BlodiGRTkhZkMIi+JN6oAcVjc1V4Ne9FssMJ3/Ea2JYLprgNx99R9tF3y6gBBH0cpgXmOYZimDOgdkelLADkizt6HFWteXc2T4d22J8x8YMiA+67vWft69jIgJhW+w8W7XsX4M2HBHSLOU4GdxbmFuUPu2kxjlFeXAv1tN11OjopqjfhhjwnCXG3D35T0Mm2QxKQbNuBfKlYiHb8eY75qDQTTmb71Sbn2SqhjKnWwKARv21giNU2iwDcwQ1PexDL+VlLP1epO0zmbQ4PGQm0oXn5wT8Ero0KbAm0RVS9ZR/AwrUBHKIBPgT4bzL5YriY9fowmnO+F5XDAnhVje0bjSJ7SwwcN3pcxG8UV//laF8XvfVS8q9w1J6qRVBbNVdN9uxFCTM5YSV63Ku8L3N//YS+MXKwRv4ghsp2XXrJEeslnBuzL2+T7tRsycS+kFaMbu5dg===hCS3-----END PGP SIGNATURE-----