Bug 23153 - chromium-browser-stable new security issues fixed in 67.0.3396.87
Summary: chromium-browser-stable new security issues fixed in 67.0.3396.87
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-06-08 14:07 CEST by David Walser
Modified: 2018-07-11 23:09 CEST

See Also:
Source RPM: chromium-browser-stable-67.0.3396.62-1.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2018-06-08 14:07:05 CEST
Upstream has released version 67.0.3396.79 on June 6:
https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html

This fixes one new security issue.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Comment 1 David Walser 2018-06-19 12:57:24 CEST
Upstream has released version 67.0.3396.87 on June 12:
https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_12.html

This fixes one new security issue.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

Summary: chromium-browser-stable new security issues fixed in 67.0.3396.79 => chromium-browser-stable new security issues fixed in 67.0.3396.87

Comment 2 Christiaan Welvaart 2018-07-06 00:15:03 CEST
Updated packages are available for testing:

SRPM:
chromium-browser-stable-67.0.3396.87-2.mga6.src.rpm
RPMS:
chromium-browser-67.0.3396.87-2.mga6.i586.rpm
chromium-browser-stable-67.0.3396.87-2.mga6.i586.rpm
chromium-browser-67.0.3396.87-2.mga6.x86_64.rpm
chromium-browser-stable-67.0.3396.87-2.mga6.x86_64.rpm



Advisory:


Chromium-browser 67.0.3396.87-2 fixes an out-of-bounds write error in V8 (CVE-2018-6149) and incorrect handling of content security policy (CVE-2018-6148). It also contains a new Google API key.


References:

https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop_12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6149

Assignee: cjw => qa-bugs
CC: (none) => cjw

Comment 3 Herman Viaene 2018-07-07 16:23:06 CEST
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Launching at CLI gives:
$ chromium-browser 
[25773:25773:0707/161411.818474:ERROR:context_group.cc(372)] ContextResult::kFatalFailure: too few texture image units supported (0, should be 8).
[25689:25689:0707/161411.886654:ERROR:gpu_process_transport_factory.cc(1017)] Lost UI shared context.
[25689:25742:0707/161418.903956:ERROR:service_manager_context.cc(258)] Attempting to run unsupported native service: /usr/lib/chromium-browser/chrome_renderer.service
[25689:25742:0707/161418.929807:ERROR:service_manager_context.cc(258)] Attempting to run unsupported native service: /usr/lib/chromium-browser/chrome_renderer.service
But it seems to work OK: tested by accessing newspaper site and playing its video (plus sound) contents.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 4 PC LX 2018-07-08 16:58:39 CEST
Installed and tested without issue.

Tested with multiple sites, including sites with video/audio and WebGL. NO regressions noticed.

System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using the nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.50-desktop-2.mga6 #1 SMP Mon Jun 18 11:23:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q chromium-browser-stable 
chromium-browser-stable-67.0.3396.87-2.mga6

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => mageia

Comment 5 Dave Hodgins 2018-07-11 22:31:36 CEST
Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 6 Mageia Robot 2018-07-11 23:09:03 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0308.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

