openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:0313-1
Rating:             important
References:         #1073323 #1077571 #1077722 
Cross-References:   CVE-2017-15420 CVE-2018-6031 CVE-2018-6032
                    CVE-2018-6033 CVE-2018-6034 CVE-2018-6035
                    CVE-2018-6036 CVE-2018-6037 CVE-2018-6038
                    CVE-2018-6039 CVE-2018-6040 CVE-2018-6041
                    CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
                    CVE-2018-6046 CVE-2018-6047 CVE-2018-6048
                    CVE-2018-6049 CVE-2018-6050 CVE-2018-6051
                    CVE-2018-6052 CVE-2018-6053 CVE-2018-6054
                   
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   This update for chromium to 64.0.3282.119 fixes several issues.

   These security issues were fixed:

   - CVE-2018-6031: Use after free in PDFium (boo#1077571)
   - CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571)
   - CVE-2018-6033: Race when opening downloaded files (boo#1077571)
   - CVE-2018-6034: Integer overflow in Blink (boo#1077571)
   - CVE-2018-6035: Insufficient isolation of devtools from extensions
     (boo#1077571)
   - CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571)
   - CVE-2018-6037: Insufficient user gesture requirements in autofill
     (boo#1077571)
   - CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571)
   - CVE-2018-6039: XSS in DevTools (boo#1077571)
   - CVE-2018-6040: Content security policy bypass (boo#1077571)
   - CVE-2018-6041: URL spoof in Navigation (boo#1077571)
   - CVE-2018-6042: URL spoof in OmniBox (boo#1077571)
   - CVE-2018-6043: Insufficient escaping with external URL handlers     (boo#1077571)
   - CVE-2018-6045: Insufficient isolation of devtools from extensions
     (boo#1077571)
   - CVE-2018-6046: Insufficient isolation of devtools from extensions
     (boo#1077571)
   - CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571)
   - CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571)
   - CVE-2017-15420: URL spoofing in Omnibox (boo#1077571)
   - CVE-2018-6049: UI spoof in Permissions (boo#1077571)
   - CVE-2018-6050: URL spoof in OmniBox (boo#1077571)
   - CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571)
   - CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571)
   - CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571)
   - CVE-2018-6054: Use after free in WebUI (boo#1077571)

   Re was updated to version 2018-01-01 (boo#1073323)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2018-106=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      libre2-0-20180101-5.1
      libre2-0-debuginfo-20180101-5.1
      re2-debugsource-20180101-5.1
      re2-devel-20180101-5.1

   - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

      chromedriver-64.0.3282.119-46.2
      chromium-64.0.3282.119-46.2


References:

   https://www.suse.com/security/cve/CVE-2017-15420.html
   https://www.suse.com/security/cve/CVE-2018-6031.html
   https://www.suse.com/security/cve/CVE-2018-6032.html
   https://www.suse.com/security/cve/CVE-2018-6033.html
   https://www.suse.com/security/cve/CVE-2018-6034.html
   https://www.suse.com/security/cve/CVE-2018-6035.html
   https://www.suse.com/security/cve/CVE-2018-6036.html
   https://www.suse.com/security/cve/CVE-2018-6037.html
   https://www.suse.com/security/cve/CVE-2018-6038.html
   https://www.suse.com/security/cve/CVE-2018-6039.html
   https://www.suse.com/security/cve/CVE-2018-6040.html
   https://www.suse.com/security/cve/CVE-2018-6041.html
   https://www.suse.com/security/cve/CVE-2018-6042.html
   https://www.suse.com/security/cve/CVE-2018-6043.html
   https://www.suse.com/security/cve/CVE-2018-6045.html
   https://www.suse.com/security/cve/CVE-2018-6046.html
   https://www.suse.com/security/cve/CVE-2018-6047.html
   https://www.suse.com/security/cve/CVE-2018-6048.html
   https://www.suse.com/security/cve/CVE-2018-6049.html
   https://www.suse.com/security/cve/CVE-2018-6050.html
   https://www.suse.com/security/cve/CVE-2018-6051.html
   https://www.suse.com/security/cve/CVE-2018-6052.html
   https://www.suse.com/security/cve/CVE-2018-6053.html
   https://www.suse.com/security/cve/CVE-2018-6054.html
   https://bugzilla.suse.com/1073323
   https://bugzilla.suse.com/1077571
   https://bugzilla.suse.com/1077722

--

openSUSE: 2018:0313-1: important: chromium

January 31, 2018
An update that fixes 24 vulnerabilities is now available.

Description

This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed: - CVE-2018-6031: Use after free in PDFium (boo#1077571) - CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571) - CVE-2018-6033: Race when opening downloaded files (boo#1077571) - CVE-2018-6034: Integer overflow in Blink (boo#1077571) - CVE-2018-6035: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571) - CVE-2018-6037: Insufficient user gesture requirements in autofill (boo#1077571) - CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571) - CVE-2018-6039: XSS in DevTools (boo#1077571) - CVE-2018-6040: Content security policy bypass (boo#1077571) - CVE-2018-6041: URL spoof in Navigation (boo#1077571) - CVE-2018-6042: URL spoof in OmniBox (boo#1077571) - CVE-2018-6043: Insufficient escaping with external URL handlers (boo#1077571) - CVE-2018-6045: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6046: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571) - CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571) - CVE-2017-15420: URL spoofing in Omnibox (boo#1077571) - CVE-2018-6049: UI spoof in Permissions (boo#1077571) - CVE-2018-6050: URL spoof in OmniBox (boo#1077571) - CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571) - CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571) - CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571) - CVE-2018-6054: Use after free in WebUI (boo#1077571) Re was updated to version 2018-01-01 (boo#1073323)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-106=1 To bring your system up-to-date, use "zypper patch".


Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): libre2-0-20180101-5.1 libre2-0-debuginfo-20180101-5.1 re2-debugsource-20180101-5.1 re2-devel-20180101-5.1 - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-64.0.3282.119-46.2 chromium-64.0.3282.119-46.2


References

https://www.suse.com/security/cve/CVE-2017-15420.html https://www.suse.com/security/cve/CVE-2018-6031.html https://www.suse.com/security/cve/CVE-2018-6032.html https://www.suse.com/security/cve/CVE-2018-6033.html https://www.suse.com/security/cve/CVE-2018-6034.html https://www.suse.com/security/cve/CVE-2018-6035.html https://www.suse.com/security/cve/CVE-2018-6036.html https://www.suse.com/security/cve/CVE-2018-6037.html https://www.suse.com/security/cve/CVE-2018-6038.html https://www.suse.com/security/cve/CVE-2018-6039.html https://www.suse.com/security/cve/CVE-2018-6040.html https://www.suse.com/security/cve/CVE-2018-6041.html https://www.suse.com/security/cve/CVE-2018-6042.html https://www.suse.com/security/cve/CVE-2018-6043.html https://www.suse.com/security/cve/CVE-2018-6045.html https://www.suse.com/security/cve/CVE-2018-6046.html https://www.suse.com/security/cve/CVE-2018-6047.html https://www.suse.com/security/cve/CVE-2018-6048.html https://www.suse.com/security/cve/CVE-2018-6049.html https://www.suse.com/security/cve/CVE-2018-6050.html https://www.suse.com/security/cve/CVE-2018-6051.html https://www.suse.com/security/cve/CVE-2018-6052.html https://www.suse.com/security/cve/CVE-2018-6053.html https://www.suse.com/security/cve/CVE-2018-6054.html https://bugzilla.suse.com/1073323 https://bugzilla.suse.com/1077571 https://bugzilla.suse.com/1077722--


Severity
Announcement ID: openSUSE-SU-2018:0313-1
Rating: important
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved