Debian Security Advisory DSA-4352-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
December 07, 2018 https://www.debian.org/security/faq
Package : chromium-browser
CVE ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2018-17480
Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.
CVE-2018-17481
Several use-after-free issues were discovered in the pdfium library.
CVE-2018-18335
A buffer overflow issue was discovered in the skia library.
CVE-2018-18336
Huyna discovered a use-after-free issue in the pdfium library.
CVE-2018-18337
cloudfuzzer discovered a use-after-free issue in blink/webkit.
CVE-2018-18338
Zhe Jin discovered a buffer overflow issue in the canvas renderer.
CVE-2018-18339
cloudfuzzer discovered a use-after-free issue in the WebAudio
implementation.
CVE-2018-18340
A use-after-free issue was discovered in the MediaRecorder implementation.
CVE-2018-18341
cloudfuzzer discovered a buffer overflow issue in blink/webkit.
CVE-2018-18342
Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.
CVE-2018-18343
Tran Tien Hung discovered a use-after-free issue in the skia library.
CVE-2018-18344
Jann Horn discovered an error in the Extensions implementation.
CVE-2018-18345
Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
feature.
CVE-2018-18346
Luan Herrera discovered an error in the user interface.
CVE-2018-18347
Luan Herrera discovered an error in the Navigation implementation.
CVE-2018-18348
Ahmed Elsobky discovered an error in the omnibox implementation.
CVE-2018-18349
David Erceg discovered a policy enforcement error.
CVE-2018-18350
Jun Kokatsu discovered a policy enforcement error.
CVE-2018-18351
Jun Kokatsu discovered a policy enforcement error.
CVE-2018-18352
Jun Kokatsu discovered an error in Media handling.
CVE-2018-18353
Wenxu Wu discovered an error in the network authentication implementation.
CVE-2018-18354
Wenxu Wu discovered an error related to integration with GNOME Shell.
CVE-2018-18355
evil1m0 discovered a policy enforcement error.
CVE-2018-18356
Tran Tien Hung discovered a use-after-free issue in the skia library.
CVE-2018-18357
evil1m0 discovered a policy enforcement error.
CVE-2018-18358
Jann Horn discovered a policy enforcement error.
CVE-2018-18359
cyrilliu discovered an out-of-bounds read issue in the v8 javascript
library.
Several additional security relevant issues are also fixed in this update
that have not yet received CVE identifiers.
For the stable distribution (stretch), these problems have been fixed in
version 71.0.3578.80-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | iceweasel-l10n-mr | < 60.5.1esr-1~deb8u1 | iceweasel-l10n-mr_60.5.1esr-1~deb8u1_all.deb |
Debian | 8 | all | iceweasel-l10n-ms | < 60.5.1esr-1~deb8u1 | iceweasel-l10n-ms_60.5.1esr-1~deb8u1_all.deb |
Debian | 9 | all | thunderbird-l10n-es-ar | < 60.5.1-1~deb9u1 | thunderbird-l10n-es-ar_60.5.1-1~deb9u1_all.deb |
Debian | 8 | all | thunderbird-l10n-ar | < 60.5.1-1~deb8u1 | thunderbird-l10n-ar_60.5.1-1~deb8u1_all.deb |
Debian | 9 | all | lightning-l10n-kab | < 60.5.1-1~deb9u1 | lightning-l10n-kab_60.5.1-1~deb9u1_all.deb |
Debian | 9 | armhf | thunderbird | < 60.5.1-1~deb9u1 | thunderbird_60.5.1-1~deb9u1_armhf.deb |
Debian | 8 | all | iceweasel-l10n-ga-ie | < 60.5.1esr-1~deb8u1 | iceweasel-l10n-ga-ie_60.5.1esr-1~deb8u1_all.deb |
Debian | 9 | all | lightning-l10n-dsb | < 60.5.1-1~deb9u1 | lightning-l10n-dsb_60.5.1-1~deb9u1_all.deb |
Debian | 9 | all | icedove-l10n-ar | < 60.5.1-1~deb9u1 | icedove-l10n-ar_60.5.1-1~deb9u1_all.deb |
Debian | 8 | all | firefox-esr-l10n-rm | < 60.5.1esr-1~deb8u1 | firefox-esr-l10n-rm_60.5.1esr-1~deb8u1_all.deb |