FEDORA-EPEL-2018-297fb7f6c0 — security update for chromium

obsolete

chromium-66.0.3359.181-3.el7

FEDORA-EPEL-2018-297fb7f6c0 created by spot 6 years ago for Fedora EPEL 7

Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122

This update has been submitted for testing by spot.

6 years ago

This update has been pushed to testing.

6 years ago

tis commented & provided feedback 6 years ago

karma

Unfortunately update is not installable because of libfontconfig dependency issue in package.

package: chromium-66.0.3359.181-2.el7.x86_64

unresolved deps:

 libfontconfig.so()(64bit)

package: chromium-libs-66.0.3359.181-2.el7.x86_64

unresolved deps:

 libfontconfig.so()(64bit)

There seem to be bundled fontconfig in main package.

bundled(fontconfig) = 2.12.6

I guess bundled library means libfontconfig dep should be filtered out.

System fontconfig is 2.10.95-11.el7.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

6 years ago

spot edited this update.

New build(s):

chromium-66.0.3359.181-3.el7

Removed build(s):

chromium-66.0.3359.181-2.el7

Karma has been reset.

6 years ago

This update has been submitted for testing by spot.

6 years ago

This update has been pushed to testing.

6 years ago

This update has been obsoleted by chromium-67.0.3396.79-1.el7.

6 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Thresholds

Minimum Karma

Minimum Testing

7 days

Dates

submitted

6 years ago

in testing

6 years ago

modified

6 years ago

Builds

chromium-66.0.3359.181-3.el7

BZ#1568761 CVE-2018-6085 chromium-browser: Use after free in Disk Cache

BZ#1568762 CVE-2018-6086 chromium-browser: Use after free in Disk Cache

BZ#1568763 CVE-2018-6087 chromium-browser: Use after free in WebAssembly

BZ#1568764 CVE-2018-6088 chromium-browser: Use after free in PDFium

BZ#1568765 CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker

BZ#1568766 CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia

BZ#1568767 CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker

BZ#1568769 CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly

BZ#1568770 CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker

BZ#1568771 CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan

BZ#1568773 CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload

BZ#1568774 CVE-2018-6096 chromium-browser: Fullscreen UI spoof

BZ#1568775 CVE-2018-6097 chromium-browser: Fullscreen UI spoof

BZ#1568776 CVE-2018-6098 chromium-browser: URL spoof in Omnibox

BZ#1568777 CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker

BZ#1568778 CVE-2018-6100 chromium-browser: URL spoof in Omnibox

BZ#1568779 CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools

BZ#1568780 CVE-2018-6102 chromium-browser: URL spoof in Omnibox

BZ#1568781 CVE-2018-6103 chromium-browser: UI spoof in Permissions

BZ#1568782 CVE-2018-6104 chromium-browser: URL spoof in Omnibox

BZ#1568785 CVE-2018-6105 chromium-browser: URL spoof in Omnibox

BZ#1568786 CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8

BZ#1568787 CVE-2018-6107 chromium-browser: URL spoof in Omnibox

BZ#1568788 CVE-2018-6108 chromium-browser: URL spoof in Omnibox

BZ#1568789 CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI

BZ#1568790 CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://

BZ#1568791 CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools

BZ#1568792 CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools

BZ#1568793 CVE-2018-6113 chromium-browser: URL spoof in Navigation

BZ#1568794 CVE-2018-6114 chromium-browser: CSP bypass

BZ#1568795 CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads

BZ#1568796 CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly

BZ#1568797 CVE-2018-6117 chromium-browser: Confusing autofill settings

BZ#1568800 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 ... chromium: various flaws [epel-7]

BZ#1573856 CVE-2018-6118 chromium-browser: Use after free in Media Cache

BZ#1573860 CVE-2018-6118 chromium: chromium-browser: Use after free in Media Cache [epel-7]

BZ#1577113 CVE-2018-6121 chromium-browser: Privilege Escalation in extensions

BZ#1577114 CVE-2018-6122 chromium-browser: Type confusion in V8

BZ#1577115 CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium

BZ#1577116 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 chromium: various flaws [epel-7]

chromium-66.0.3359.181-3.el7

Automated Test Results

ignored