Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201808-01 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Wed, 22 Aug 2018 21:34:08
Message-Id: 166fe4c8-91c1-09c7-defa-349d4ab78697@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201808-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium, Google Chrome: Multiple vulnerabilities
Date: August 22, 2018
Bugs: #657376, #662436
ID: 201808-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which allows remote attackers to escalate privileges.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

-------------------------------------------------------------------
     Package                  /   Vulnerable   /        Unaffected
-------------------------------------------------------------------
  1  www-client/chromium        < 68.0.3440.75     >= 68.0.3440.75
  2  www-client/google-chrome   < 68.0.3440.75     >= 68.0.3440.75
-------------------------------------------------------------------
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could escalate privileges, cause a heap buffer
overflow, obtain sensitive information or spoof a URL.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-68.0.3440.75"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/google-chrome-68.0.3440.75"

References
==========

[ 1 ] CVE-2018-4117
      https://nvd.nist.gov/vuln/detail/CVE-2018-4117
[ 2 ] CVE-2018-6044
      https://nvd.nist.gov/vuln/detail/CVE-2018-6044
[ 3 ] CVE-2018-6150
      https://nvd.nist.gov/vuln/detail/CVE-2018-6150
[ 4 ] CVE-2018-6151
      https://nvd.nist.gov/vuln/detail/CVE-2018-6151
[ 5 ] CVE-2018-6152
      https://nvd.nist.gov/vuln/detail/CVE-2018-6152
[ 6 ] CVE-2018-6153
      https://nvd.nist.gov/vuln/detail/CVE-2018-6153
[ 7 ] CVE-2018-6154
      https://nvd.nist.gov/vuln/detail/CVE-2018-6154
[ 8 ] CVE-2018-6155
      https://nvd.nist.gov/vuln/detail/CVE-2018-6155
[ 9 ] CVE-2018-6156
      https://nvd.nist.gov/vuln/detail/CVE-2018-6156
[ 10 ] CVE-2018-6157
       https://nvd.nist.gov/vuln/detail/CVE-2018-6157
[ 11 ] CVE-2018-6158
       https://nvd.nist.gov/vuln/detail/CVE-2018-6158
[ 12 ] CVE-2018-6159
       https://nvd.nist.gov/vuln/detail/CVE-2018-6159
[ 13 ] CVE-2018-6160
       https://nvd.nist.gov/vuln/detail/CVE-2018-6160
[ 14 ] CVE-2018-6161
       https://nvd.nist.gov/vuln/detail/CVE-2018-6161
[ 15 ] CVE-2018-6162
       https://nvd.nist.gov/vuln/detail/CVE-2018-6162
[ 16 ] CVE-2018-6163
       https://nvd.nist.gov/vuln/detail/CVE-2018-6163
[ 17 ] CVE-2018-6164
       https://nvd.nist.gov/vuln/detail/CVE-2018-6164
[ 18 ] CVE-2018-6165
       https://nvd.nist.gov/vuln/detail/CVE-2018-6165
[ 19 ] CVE-2018-6166
       https://nvd.nist.gov/vuln/detail/CVE-2018-6166
[ 20 ] CVE-2018-6167
       https://nvd.nist.gov/vuln/detail/CVE-2018-6167
[ 21 ] CVE-2018-6168
       https://nvd.nist.gov/vuln/detail/CVE-2018-6168
[ 22 ] CVE-2018-6169
       https://nvd.nist.gov/vuln/detail/CVE-2018-6169
[ 23 ] CVE-2018-6170
       https://nvd.nist.gov/vuln/detail/CVE-2018-6170
[ 24 ] CVE-2018-6171
       https://nvd.nist.gov/vuln/detail/CVE-2018-6171
[ 25 ] CVE-2018-6172
       https://nvd.nist.gov/vuln/detail/CVE-2018-6172
[ 26 ] CVE-2018-6173
       https://nvd.nist.gov/vuln/detail/CVE-2018-6173
[ 27 ] CVE-2018-6174
       https://nvd.nist.gov/vuln/detail/CVE-2018-6174
[ 28 ] CVE-2018-6175
       https://nvd.nist.gov/vuln/detail/CVE-2018-6175
[ 29 ] CVE-2018-6176
       https://nvd.nist.gov/vuln/detail/CVE-2018-6176
[ 30 ] CVE-2018-6177
       https://nvd.nist.gov/vuln/detail/CVE-2018-6177
[ 31 ] CVE-2018-6178
       https://nvd.nist.gov/vuln/detail/CVE-2018-6178
[ 32 ] CVE-2018-6179
       https://nvd.nist.gov/vuln/detail/CVE-2018-6179
[ 33 ] CVE-2108-6150
       https://nvd.nist.gov/vuln/detail/CVE-2108-6150
[ 34 ] Google Chrome 68.0.3440.75 release announcement
       https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201808-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
