openSUSE Security Update: Security update for Chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0704-1
Rating:             important
References:         #1084296 
Cross-References:   CVE-2017-11215 CVE-2017-11225 CVE-2018-6057
                    CVE-2018-6060 CVE-2018-6061 CVE-2018-6062
                    CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
                    CVE-2018-6066 CVE-2018-6067 CVE-2018-6068
                    CVE-2018-6069 CVE-2018-6070 CVE-2018-6071
                    CVE-2018-6072 CVE-2018-6073 CVE-2018-6074
                    CVE-2018-6075 CVE-2018-6076 CVE-2018-6077
                    CVE-2018-6078 CVE-2018-6079 CVE-2018-6080
                    CVE-2018-6081 CVE-2018-6082 CVE-2018-6083
                   
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.

Description:

   This update for Chromium to version 65.0.3325.162 fixes the following
   issues:

   - CVE-2017-11215: Use after free in Flash
   - CVE-2017-11225: Use after free in Flash
   - CVE-2018-6060: Use after free in Blink
   - CVE-2018-6061: Race condition in V8
   - CVE-2018-6062: Heap buffer overflow in Skia
   - CVE-2018-6057: Incorrect permissions on shared memory
   - CVE-2018-6063: Incorrect permissions on shared memory
   - CVE-2018-6064: Type confusion in V8
   - CVE-2018-6065: Integer overflow in V8
   - CVE-2018-6066: Same Origin Bypass via canvas
   - CVE-2018-6067: Buffer overflow in Skia
   - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
   - CVE-2018-6069: Stack buffer overflow in Skia
   - CVE-2018-6070: CSP bypass through extensions
   - CVE-2018-6071: Heap buffer overflow in Skia
   - CVE-2018-6072: Integer overflow in PDFium
   - CVE-2018-6073: Heap buffer overflow in WebGL
   - CVE-2018-6074: Mark-of-the-Web bypass
   - CVE-2018-6075: Overly permissive cross origin downloads
   - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
   - CVE-2018-6077: Timing attack using SVG filters
   - CVE-2018-6078: URL Spoof in OmniBox
   - CVE-2018-6079: Information disclosure via texture data in WebGL
   - CVE-2018-6080: Information disclosure in IPC call
   - CVE-2018-6081: XSS in interstitials
   - CVE-2018-6082: Circumvention of port blocking
   - CVE-2018-6083: Incorrect processing of AppManifests


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2018-264=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.3 (x86_64):

      chromedriver-65.0.3325.162-146.1
      chromedriver-debuginfo-65.0.3325.162-146.1
      chromium-65.0.3325.162-146.1
      chromium-debuginfo-65.0.3325.162-146.1
      chromium-debugsource-65.0.3325.162-146.1


References:

   https://www.suse.com/security/cve/CVE-2017-11215.html
   https://www.suse.com/security/cve/CVE-2017-11225.html
   https://www.suse.com/security/cve/CVE-2018-6057.html
   https://www.suse.com/security/cve/CVE-2018-6060.html
   https://www.suse.com/security/cve/CVE-2018-6061.html
   https://www.suse.com/security/cve/CVE-2018-6062.html
   https://www.suse.com/security/cve/CVE-2018-6063.html
   https://www.suse.com/security/cve/CVE-2018-6064.html
   https://www.suse.com/security/cve/CVE-2018-6065.html
   https://www.suse.com/security/cve/CVE-2018-6066.html
   https://www.suse.com/security/cve/CVE-2018-6067.html
   https://www.suse.com/security/cve/CVE-2018-6068.html
   https://www.suse.com/security/cve/CVE-2018-6069.html
   https://www.suse.com/security/cve/CVE-2018-6070.html
   https://www.suse.com/security/cve/CVE-2018-6071.html
   https://www.suse.com/security/cve/CVE-2018-6072.html
   https://www.suse.com/security/cve/CVE-2018-6073.html
   https://www.suse.com/security/cve/CVE-2018-6074.html
   https://www.suse.com/security/cve/CVE-2018-6075.html
   https://www.suse.com/security/cve/CVE-2018-6076.html
   https://www.suse.com/security/cve/CVE-2018-6077.html
   https://www.suse.com/security/cve/CVE-2018-6078.html
   https://www.suse.com/security/cve/CVE-2018-6079.html
   https://www.suse.com/security/cve/CVE-2018-6080.html
   https://www.suse.com/security/cve/CVE-2018-6081.html
   https://www.suse.com/security/cve/CVE-2018-6082.html
   https://www.suse.com/security/cve/CVE-2018-6083.html
   https://bugzilla.suse.com/1084296

-- 

openSUSE: 2018:0704-1: important: Chromium

March 16, 2018