Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4330-1 security@debian.orghttps://www.debian.org/security/ Michael GilbertNovember 02, 2018 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromium-browserCVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477Several vulnerabilities have been discovered in the chromium web browser.CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation.CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.CVE-2018-17463 Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 javascript library.CVE-2018-17464 xisigr discovered a URL spoofing issue.CVE-2018-17465 Lin Zuojian discovered a use-after-free issue in the v8 javascript library.CVE-2018-17466 Omair discovered a memory corruption issue in the angle library.CVE-2018-17467 Khalil Zhani discovered a URL spoofing issue.CVE-2018-17468 Jams Lee discovered an information disclosure issue.CVE-2018-17469 Zhen Zhou discovered a buffer overflow issue in the pdfium library.CVE-2018-17470 Zhe Jin discovered a memory corruption issue in the GPU backend implementation.CVE-2018-17471 Lnyas Zhang discovered an issue with the full screen user interface.CVE-2018-17473 Khalil Zhani discovered a URL spoofing issue.CVE-2018-17474 Zhe Jin discovered a use-after-free issue.CVE-2018-17475 Vladimir Metnew discovered a URL spoofing issue.CVE-2018-17476 Khalil Zhani discovered an issue with the full screen user interface.CVE-2018-17477 Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane.This update also fixes a buffer overflow in the embedded lcms library includedwith chromium.For the stable distribution (stretch), these problems have been fixed inversion 70.0.3538.67-1~deb9u1.We recommend that you upgrade your chromium-browser packages.For the detailed security status of chromium-browser please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromium-browserFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvcOIQACgkQuNayzQLW9HP+1iAAsLTGaiN2DOVoaZcy7J81dIbvflucvy8wdch0sFPiqlP0V3PLr04yBKBGvEZcbGSsdUzCX5oT/eF4SG4qDyY7lSVKCKA8kTvu4UmwnJD8XwouOaKMtsgdcrScGcChQ9zSBSlRBm6Aq0UvirkfCDz2W/zEAjUQZFqBCsNAC+2886SDO+kXwxXKv9ol9P5tfKh+9+t10FMpj0qlBLwb6bdGqjum4iStxyIZEvX9tQ+6H/P6xhog4EoturMHlerPgiWtItpnFxZX7bCCaFDNaMdByXWCw829k2Rc0+kX6KzUVLbgQaeNlmED2Pn3EI8c+ABVsE7lJ0w6DTf9KLMYYkPD4NiREWmipptF1gdKDoTKmksAGMDae+Q600wT8Yy0AAS4S33qliqFuveUMvCqvMR0DAnw8mn8Li1s2OcI2YRKeqEGvXwltqj2RIfzpvzxVlDHx7Go/FIWO4j3o6MhsjVMUQNDXuFl8xkDzgRiICuFEibyKdXNgCEYyUwcNk/iXzRLxQyWjy1p9fWrtk2EpL97kuOIBtLf1SH9VC4O/uJyZ/H8L/hGA6esx99z8AGpwy/zTVimff3dj1/+BtIFHhdWY3zhydlAchVkvZrpGMBRNHz1H1RWy/wx6IIyJGb3LP1U/narlqf0vYKUQW2oDVFybXM5Exqwm4c6ipBYxWkuOYd4bXqx/ojMAgHCar135UrX2zdLIUyFVpICbFFUxQUil92VYdwPuJWXXAJdzzOMuz42UoM2xSqv0oRjDRAU7/QFpz0Ilrf3C0+ktirWvo9GSNm5Kq5xNgC9Khp9uppu6cXHDCZxCCOQz6xXyOYrYjzGeYB8EYrlVPVT1YmKHJ1/FqCjoJ3IkkCsIo8MnCR9olO0AK1smo21Dvim+OcdJax6xWn4aIKbZDqL1GUYRotMoVfsnEbrsqBrsrLiWqlsmvVALN12083NK+zB2OhYdU2D5oWep4Eb92+RI1ykk1wDaW9bpbdIOcK48HFAejk2PmZX2hhIgbrek0uP/Lu5FZn7NehFIjAxYIQ2qAk9vNdXmk6u3MrAFC96VoBFaIvg09MXuA/K0nIOnryW17n0WxUjk8/pFfgRMJFW7oobEvw0NFvHFNEteP+b1T1ucJj/2CEAtMGE73UbHnv/03ez0boUiejkJmShpsPoWt02j/w4pfZ2vEDGlzBj0h3Bof8CmLJ422r0tfB5Vrp+GuCxK7mQQItwatAMxyfXjBx+KxBROwb5mcQ0E9AwAonvsfgzrAgcoXAofV1oMiRyUvxdDnkJ69wblQ+ahyFjjdhR8+L1VNHHuQkgxfXCdXRxLdCzt4GHk5EFHh/5zGdXAy238uDIBhE1NLHpUSX2D6/cMGFggA===AINb-----END PGP SIGNATURE-----