| Summary: | chromium-browser-stable new security issues fixed in 68.0.3440.75 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | cjw, jim, sysadmin-bugs, tmb, wrw105 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK MGA6-32-OK | ||
| Source RPM: | chromium-browser-stable-67.0.3396.87-2.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-07-29 19:27:47 CEST
Updated packages are ready for testing. MGA6 SRPM: chromium-browser-stable-68.0.3440.106-1.mga6.src.rpm RPMS: chromium-browser-68.0.3440.106-1.mga6.i586.rpm chromium-browser-stable-68.0.3440.106-1.mga6.i586.rpm chromium-browser-68.0.3440.106-1.mga6.x86_64.rpm chromium-browser-stable-68.0.3440.106-1.mga6.x86_64.rpm Advisory: Chromium-browser 68.0.3440.106 fixes security issues: Multiple flaws were found in the way Chromium 67.0.3396.87 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2018-4117, CVE-2018-6044, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6160, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176, CVE-2018-6177, CVE-2018-6178, CVE-2018-6179) Upstream also reported for release 68.0.3440.75 that three additional flaws were fixed in earlier (unspecified) chromium releases but not listed in the release notes for those releases. (CVE-2018-6150, CVE-2018-6151, CVE-2018-6152) References: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_25.html https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop_31.html https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4117 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6167 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6177 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6179 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6152 CC:
(none) =>
cjw on mga6-64 packages installed cleanly: - chromium-browser-68.0.3440.106-1.mga6.x86_64 - chromium-browser-stable-68.0.3440.106-1.mga6.x86_64 signed in to my Google account tested several bookmarks and other sites no regressions noted looks OK for mga6-64 CC:
(none) =>
jim on mga6-32 packages installed cleanly: - chromium-browser-68.0.3440.106-1.mga6.i586 - chromium-browser-stable-68.0.3440.106-1.mga6.i586 checked a number of web sites no regressions noted Looks OK for mga6-32
James Kerr
2018-08-15 18:18:33 CEST
Whiteboard:
MGA6-64-OK =>
MGA6-64-OK MGA6-32-OK Tested mga6-32 under virtual box. General browsing, jetstream etc all OK. Vaildating, ready for push when advisory added to svn. Keywords:
(none) =>
validated_update
Thomas Backlund
2018-08-17 23:25:34 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0343.html Resolution:
(none) =>
FIXED |