Gentoo Archives: gentoo-announce

From: "Christopher Díaz Riveros" <chrisadr@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201802-02 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Mon, 19 Feb 2018 23:22:05
Message-Id: 1519082447.2505.0.camel@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201802-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: February 19, 2018
     Bugs: #647124, #647636
       ID: 201802-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

     -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
     -------------------------------------------------------------------
  1  www-client/chromium      < 64.0.3282.167          >= 64.0.3282.167
  2  www-client/google-chrome
                              < 64.0.3282.167          >= 64.0.3282.167
     -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-64.0.3282.167"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-64.0.3282.167"
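
A way to check which installed versions fall in the vulnerable range of the table above, as an added example that is not part of the original advisory or of Gentoo's tooling. It assumes input lines of the form category/name-version (for instance as listed by `qlist -Iv` from portage-utils); the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify installed package versions against GLSA 201802-02.
FIXED="64.0.3282.167"   # first unaffected version, from the advisory's table

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Fields are compared as integers, so 99 sorts below 167 (a string compare
# would get that wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not lower
}

# glsa_status ATOM: print vulnerable, unaffected, not-covered or unknown for
# one "category/name-version" string (assumed input format).
glsa_status() {
    case $1 in
        www-client/chromium-[0-9]*)      ver=${1#www-client/chromium-} ;;
        www-client/google-chrome-[0-9]*) ver=${1#www-client/google-chrome-} ;;
        *) echo "not-covered"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}                  # drop a revision suffix such as -r1
    case $ver in
        ""|*[!0-9.]*) echo "unknown"; return 0 ;;   # _p, _beta etc. not handled
    esac
    if version_lt "$ver" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# Constructed sample input, not taken from a real system.
while read -r atom; do
    printf '%-45s %s\n' "$atom" "$(glsa_status "$atom")"
done <<'EOF'
www-client/chromium-63.0.3239.132
www-client/chromium-64.0.3282.99
www-client/google-chrome-64.0.3282.167
www-client/google-chrome-64.0.3282.140-r1
www-client/google-chrome-beta-65.0.3325.51
www-client/firefox-58.0.2
EOF
```

Packages the advisory does not list, such as the separate google-chrome-beta package, are reported as not-covered rather than guessed at.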

References
==========

[  1 ] CVE-2018-6031
       https://nvd.nist.gov/vuln/detail/CVE-2018-6031
[  2 ] CVE-2018-6032
       https://nvd.nist.gov/vuln/detail/CVE-2018-6032
[  3 ] CVE-2018-6033
       https://nvd.nist.gov/vuln/detail/CVE-2018-6033
[  4 ] CVE-2018-6034
       https://nvd.nist.gov/vuln/detail/CVE-2018-6034
[  5 ] CVE-2018-6035
       https://nvd.nist.gov/vuln/detail/CVE-2018-6035
[  6 ] CVE-2018-6036
       https://nvd.nist.gov/vuln/detail/CVE-2018-6036
[  7 ] CVE-2018-6037
       https://nvd.nist.gov/vuln/detail/CVE-2018-6037
[  8 ] CVE-2018-6038
       https://nvd.nist.gov/vuln/detail/CVE-2018-6038
[  9 ] CVE-2018-6039
       https://nvd.nist.gov/vuln/detail/CVE-2018-6039
[ 10 ] CVE-2018-6040
       https://nvd.nist.gov/vuln/detail/CVE-2018-6040
[ 11 ] CVE-2018-6041
       https://nvd.nist.gov/vuln/detail/CVE-2018-6041
[ 12 ] CVE-2018-6042
       https://nvd.nist.gov/vuln/detail/CVE-2018-6042
[ 13 ] CVE-2018-6043
       https://nvd.nist.gov/vuln/detail/CVE-2018-6043
[ 14 ] CVE-2018-6045
       https://nvd.nist.gov/vuln/detail/CVE-2018-6045
[ 15 ] CVE-2018-6046
       https://nvd.nist.gov/vuln/detail/CVE-2018-6046
[ 16 ] CVE-2018-6047
       https://nvd.nist.gov/vuln/detail/CVE-2018-6047
[ 17 ] CVE-2018-6048
       https://nvd.nist.gov/vuln/detail/CVE-2018-6048
[ 18 ] CVE-2018-6049
       https://nvd.nist.gov/vuln/detail/CVE-2018-6049
[ 19 ] CVE-2018-6050
       https://nvd.nist.gov/vuln/detail/CVE-2018-6050
[ 20 ] CVE-2018-6051
       https://nvd.nist.gov/vuln/detail/CVE-2018-6051
[ 21 ] CVE-2018-6052
       https://nvd.nist.gov/vuln/detail/CVE-2018-6052
[ 22 ] CVE-2018-6053
       https://nvd.nist.gov/vuln/detail/CVE-2018-6053
[ 23 ] CVE-2018-6054
       https://nvd.nist.gov/vuln/detail/CVE-2018-6054
[ 24 ] CVE-2018-6056
       https://nvd.nist.gov/vuln/detail/CVE-2018-6056
[ 25 ] Google Chrome Release 20180124
       https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
[ 26 ] Google Chrome Release 20180213
       https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201802-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature