Gentoo Archives: gentoo-announce

From: "Christopher Díaz Riveros" <chrisadr@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201803-05 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Tue, 13 Mar 2018 21:05:27
Message-Id: 1520975052.2496.0.camel@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201803-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: March 13, 2018
     Bugs: #649800
       ID: 201803-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /     Vulnerable     /       Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium         < 65.0.3325.146      >= 65.0.3325.146
  2  www-client/google-chrome    < 65.0.3325.146      >= 65.0.3325.146
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-65.0.3325.146"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-65.0.3325.146"

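Added example (not part of the Gentoo advisory): a shell check that flags
installed versions of the two affected packages that fall below the fixed
version from the table above. The input format, one "category/package-version"
per line as printed by `qlist -Iv`, and the sample inventory are assumptions
constructed for illustration.

```shell
#!/bin/sh
FIXED="65.0.3325.146"   # "Unaffected" threshold from the advisory table

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Components are compared as integers, so 65.0.3325.9 sorts below
# 65.0.3325.146 (a plain string comparison would get this wrong).
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "lower"
}

# check_glsa: read package atoms on stdin, print a verdict for each line that
# names one of the two packages covered by GLSA 201803-05.
check_glsa() {
    while IFS= read -r atom; do
        case $atom in
            www-client/chromium-[0-9]*)      ver=${atom#www-client/chromium-} ;;
            www-client/google-chrome-[0-9]*) ver=${atom#www-client/google-chrome-} ;;
            *) continue ;;   # other packages (and -beta/-unstable) are out of scope
        esac
        ver=${ver%-r[0-9]*}  # drop a Gentoo revision suffix such as -r1
        case $ver in
            *[!0-9.]*) echo "UNKNOWN $atom"; continue ;;
        esac
        if ver_lt "$ver" "$FIXED"; then echo "VULNERABLE $atom"; else echo "OK $atom"; fi
    done
}

# Constructed sample inventory (not real host data).
sample_installed() {
    cat <<'EOF'
www-client/chromium-64.0.3282.186-r1
www-client/firefox-58.0.1
www-client/google-chrome-65.0.3325.146
www-client/google-chrome-beta-66.0.3359.33
EOF
}

sample_installed | check_glsa
```
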
References
==========

[  1 ] CVE-2018-6057
       https://nvd.nist.gov/vuln/detail/CVE-2018-6057
[  2 ] CVE-2018-6058
       https://nvd.nist.gov/vuln/detail/CVE-2018-6058
[  3 ] CVE-2018-6059
       https://nvd.nist.gov/vuln/detail/CVE-2018-6059
[  4 ] CVE-2018-6060
       https://nvd.nist.gov/vuln/detail/CVE-2018-6060
[  5 ] CVE-2018-6061
       https://nvd.nist.gov/vuln/detail/CVE-2018-6061
[  6 ] CVE-2018-6062
       https://nvd.nist.gov/vuln/detail/CVE-2018-6062
[  7 ] CVE-2018-6063
       https://nvd.nist.gov/vuln/detail/CVE-2018-6063
[  8 ] CVE-2018-6064
       https://nvd.nist.gov/vuln/detail/CVE-2018-6064
[  9 ] CVE-2018-6065
       https://nvd.nist.gov/vuln/detail/CVE-2018-6065
[ 10 ] CVE-2018-6066
       https://nvd.nist.gov/vuln/detail/CVE-2018-6066
[ 11 ] CVE-2018-6067
       https://nvd.nist.gov/vuln/detail/CVE-2018-6067
[ 12 ] CVE-2018-6068
       https://nvd.nist.gov/vuln/detail/CVE-2018-6068
[ 13 ] CVE-2018-6069
       https://nvd.nist.gov/vuln/detail/CVE-2018-6069
[ 14 ] CVE-2018-6070
       https://nvd.nist.gov/vuln/detail/CVE-2018-6070
[ 15 ] CVE-2018-6071
       https://nvd.nist.gov/vuln/detail/CVE-2018-6071
[ 16 ] CVE-2018-6072
       https://nvd.nist.gov/vuln/detail/CVE-2018-6072
[ 17 ] CVE-2018-6073
       https://nvd.nist.gov/vuln/detail/CVE-2018-6073
[ 18 ] CVE-2018-6074
       https://nvd.nist.gov/vuln/detail/CVE-2018-6074
[ 19 ] CVE-2018-6075
       https://nvd.nist.gov/vuln/detail/CVE-2018-6075
[ 20 ] CVE-2018-6076
       https://nvd.nist.gov/vuln/detail/CVE-2018-6076
[ 21 ] CVE-2018-6077
       https://nvd.nist.gov/vuln/detail/CVE-2018-6077
[ 22 ] CVE-2018-6078
       https://nvd.nist.gov/vuln/detail/CVE-2018-6078
[ 23 ] CVE-2018-6079
       https://nvd.nist.gov/vuln/detail/CVE-2018-6079
[ 24 ] CVE-2018-6080
       https://nvd.nist.gov/vuln/detail/CVE-2018-6080
[ 25 ] CVE-2018-6081
       https://nvd.nist.gov/vuln/detail/CVE-2018-6081
[ 26 ] CVE-2018-6082
       https://nvd.nist.gov/vuln/detail/CVE-2018-6082
[ 27 ] CVE-2018-6083
       https://nvd.nist.gov/vuln/detail/CVE-2018-6083
[ 28 ] Google Chrome Release 20180306
       https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201803-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
