Commit 3333ac65 authored by Kåre Thor Olsen

[SECURITY] [DSA 4103-1] chromium-browser security update

CVS version numbers

english/security/2018/dsa-4103.data: INITIAL -> 1.1 
english/security/2018/dsa-4103.wml: INITIAL -> 1.1
parent 4abe289b
<define-tag pagetitle>DSA-4103-1 chromium-browser</define-tag>
<define-tag report_date>2018-1-31</define-tag>
<define-tag secrefs>CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054</define-tag>
<define-tag packages>chromium-browser</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
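Review bot: The secrefs line jumps from CVE-2018-6043 to CVE-2018-6045, so please confirm that leaving out CVE-2018-6044 is intentional and not a dropped entry, since this tag drives the advisory's cross-references. The trailing `</dl>` after `#use wml::debian::security` also has no opening `<dl>` anywhere in this file; if it closes a list opened by the template, a short comment saying so would help the next editor.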
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in the chromium web browser.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15420">CVE-2017-15420</a>
<p>Drew Springall discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2017-15429">CVE-2017-15429</a>
<p>A cross-site scripting issue was discovered in the v8 javascript
library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6031">CVE-2018-6031</a>
<p>A use-after-free issue was discovered in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6032">CVE-2018-6032</a>
<p>Jun Kokatsu discovered a way to bypass the same origin policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6033">CVE-2018-6033</a>
<p>Juho Nurminen discovered a race condition when opening downloaded
files.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6034">CVE-2018-6034</a>
<p>Tobias Klein discovered an integer overflow issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6035">CVE-2018-6035</a>
<p>Rob Wu discovered a way for extensions to access devtools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6036">CVE-2018-6036</a>
<p>UK's National Cyper Security Centre discovered an integer overflow
issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6037">CVE-2018-6037</a>
<p>Paul Stone discovered an issue in the autofill feature.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6038">CVE-2018-6038</a>
<p>cloudfuzzer discovered a buffer overflow issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6039">CVE-2018-6039</a>
<p>Juho Nurminen discovered a cross-site scripting issue in the
developer tools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6040">CVE-2018-6040</a>
<p>WenXu Wu discovered a way to bypass the content security policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6041">CVE-2018-6041</a>
<p>Luan Herrera discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6042">CVE-2018-6042</a>
<p>Khalil Zhani discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6043">CVE-2018-6043</a>
<p>A character escaping issue was discovered.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6045">CVE-2018-6045</a>
<p>Rob Wu discovered a way for extensions to access devtools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6046">CVE-2018-6046</a>
<p>Rob Wu discovered a way for extensions to access devtools.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6047">CVE-2018-6047</a>
<p>Masato Kinugawa discovered an information leak issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6048">CVE-2018-6048</a>
<p>Jun Kokatsu discoverd a way to bypass the referrer policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6049">CVE-2018-6049</a>
<p>WenXu Wu discovered a user interface spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6050">CVE-2018-6050</a>
<p>Jonathan Kew discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6051">CVE-2018-6051</a>
<p>Anonio Sanso discovered an information leak issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6052">CVE-2018-6052</a>
<p>Tanner Emek discovered that the referrer policy implementation
was incomplete.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6053">CVE-2018-6053</a>
<p>Asset Kabdenov discoved an information leak issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6054">CVE-2018-6054</a>
<p>Rob Wu discovered a use-after-free issue.</p></li>
</ul>
<p>For the oldstable distribution (jessie), security support for chromium
has been discontinued.</p>
<p>For the stable distribution (stretch), these problems have been fixed in
version 64.0.3282.119-1~deb9u1.</p>
<p>We recommend that you upgrade your chromium-browser packages.</p>
<p>For the detailed security status of chromium-browser please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/chromium-browser">\
https://security-tracker.debian.org/tracker/chromium-browser</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2018/dsa-4103.data"
# $Id$
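Review bot: Several credit lines in the CVE list have spelling errors that will be published as-is: "National Cyper Security Centre" under CVE-2018-6036 should read "Cyber", "discoverd" under CVE-2018-6048 and "discoved" under CVE-2018-6053 should read "discovered", and "Anonio Sanso" under CVE-2018-6051 looks like a misspelling of the reporter's name and should be checked against the upstream credit. Separately, the entries for CVE-2018-6034, CVE-2018-6036, CVE-2018-6038 and CVE-2018-6054 name a bug class but no affected component, unlike the pdfium and v8 entries; adding the component where upstream states it would make the list more useful for triage. The closing paragraphs on jessie and stretch read fine.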