| Summary: | chromium-browser-stable new security issues fixed in 67.0.3396.87 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, davidwhodgins, herman.viaene, mageia, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | chromium-browser-stable-67.0.3396.62-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-06-08 14:07:05 CEST
Upstream has released version 67.0.3396.87 on June 12: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_12.html This fixes one new security issue. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Summary:
chromium-browser-stable new security issues fixed in 67.0.3396.79 =>
chromium-browser-stable new security issues fixed in 67.0.3396.87 Updated packages are available for testing: SRPM: chromium-browser-stable-67.0.3396.87-2.mga6.src.rpm RPMS: chromium-browser-67.0.3396.87-2.mga6.i586.rpm chromium-browser-stable-67.0.3396.87-2.mga6.i586.rpm chromium-browser-67.0.3396.87-2.mga6.x86_64.rpm chromium-browser-stable-67.0.3396.87-2.mga6.x86_64.rpm Advisory: Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 (CVE-2018-6149) and incorrect handling of content security policy (CVE-2018-6148). It also contains a new google API key. References: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_12.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6149 Assignee:
cjw =>
qa-bugs MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Launching at CLI gives: $ chromium-browser [25773:25773:0707/161411.818474:ERROR:context_group.cc(372)] ContextResult::kFatalFailure: too few texture image units supported (0, should be 8). [25689:25689:0707/161411.886654:ERROR:gpu_process_transport_factory.cc(1017)] Lost UI shared context. [25689:25742:0707/161418.903956:ERROR:service_manager_context.cc(258)] Attempting to run unsupported native service: /usr/lib/chromium-browser/chrome_renderer.service [25689:25742:0707/161418.929807:ERROR:service_manager_context.cc(258)] Attempting to run unsupported native service: /usr/lib/chromium-browser/chrome_renderer.service But it seems to work OK: tested by acessing newspaper site and playing its video (plus sound) contents. Whiteboard:
(none) =>
MGA6-32-OK Installed and tested without issue. Tested with multiple sites, including sites with video/audio and WebGL. NO regressions noticed. System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using the nvidia340 proprietary driver. $ uname -a Linux marte 4.14.50-desktop-2.mga6 #1 SMP Mon Jun 18 11:23:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q chromium-browser-stable chromium-browser-stable-67.0.3396.87-2.mga6 Whiteboard:
MGA6-32-OK =>
MGA6-32-OK MGA6-64-OK Advisory committed to svn. Validating the update. Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0308.html Resolution:
(none) =>
FIXED |