FEDORA-EPEL-2018-656b24ec40 — security update for chromium

stable

chromium-67.0.3396.79-1.el7

FEDORA-EPEL-2018-656b24ec40 created by spot 6 years ago for Fedora EPEL 7

Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148

Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122

This update has been submitted for testing by spot.

6 years ago

This update has obsoleted chromium-66.0.3359.181-3.el7, and has inherited its bugs and notes.

6 years ago

This update has been pushed to testing.

6 years ago

sikevux commented & provided feedback 6 years ago

karma

LGTM

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

dneu commented & provided feedback 6 years ago

karma

lgtm too

kathenas provided feedback 6 years ago

kathenas commented & provided feedback 6 years ago

karma

Running with no issues on RHEL / CentOS 7.

This update has been submitted for batched by bodhi.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

6 years ago

in testing

6 years ago

in stable

6 years ago

Builds

chromium-67.0.3396.79-1.el7

BZ#1568761 CVE-2018-6085 chromium-browser: Use after free in Disk Cache

BZ#1568762 CVE-2018-6086 chromium-browser: Use after free in Disk Cache

BZ#1568763 CVE-2018-6087 chromium-browser: Use after free in WebAssembly

BZ#1568764 CVE-2018-6088 chromium-browser: Use after free in PDFium

BZ#1568765 CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker

BZ#1568766 CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia

BZ#1568767 CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker

BZ#1568769 CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly

BZ#1568770 CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker

BZ#1568771 CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan

BZ#1568773 CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload

BZ#1568774 CVE-2018-6096 chromium-browser: Fullscreen UI spoof

BZ#1568775 CVE-2018-6097 chromium-browser: Fullscreen UI spoof

BZ#1568776 CVE-2018-6098 chromium-browser: URL spoof in Omnibox

BZ#1568777 CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker

BZ#1568778 CVE-2018-6100 chromium-browser: URL spoof in Omnibox

BZ#1568779 CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools

BZ#1568780 CVE-2018-6102 chromium-browser: URL spoof in Omnibox

BZ#1568781 CVE-2018-6103 chromium-browser: UI spoof in Permissions

BZ#1568782 CVE-2018-6104 chromium-browser: URL spoof in Omnibox

BZ#1568785 CVE-2018-6105 chromium-browser: URL spoof in Omnibox

BZ#1568786 CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8

BZ#1568787 CVE-2018-6107 chromium-browser: URL spoof in Omnibox

BZ#1568788 CVE-2018-6108 chromium-browser: URL spoof in Omnibox

BZ#1568789 CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI

BZ#1568790 CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://

BZ#1568791 CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools

BZ#1568792 CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools

BZ#1568793 CVE-2018-6113 chromium-browser: URL spoof in Navigation

BZ#1568794 CVE-2018-6114 chromium-browser: CSP bypass

BZ#1568795 CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads

BZ#1568796 CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly

BZ#1568797 CVE-2018-6117 chromium-browser: Confusing autofill settings

BZ#1568800 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 ... chromium: various flaws [epel-7]

BZ#1573856 CVE-2018-6118 chromium-browser: Use after free in Media Cache

BZ#1573860 CVE-2018-6118 chromium: chromium-browser: Use after free in Media Cache [epel-7]

BZ#1577113 CVE-2018-6121 chromium-browser: Privilege Escalation in extensions

BZ#1577114 CVE-2018-6122 chromium-browser: Type confusion in V8

BZ#1577115 CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium

BZ#1577116 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 chromium: various flaws [epel-7]

BZ#1584032 CVE-2018-6123 chromium-browser: Use after free in Blink

BZ#1584033 CVE-2018-6124 chromium-browser: Type confusion in Blink

BZ#1584034 CVE-2018-6125 chromium-browser: Overly permissive policy in WebUSB

BZ#1584035 CVE-2018-6126 Skia: Heap buffer overflow rasterizing paths in SVG

BZ#1584037 CVE-2018-6127 chromium-browser: Use after free in indexedDB

BZ#1584038 CVE-2018-6128 chromium-browser: uXSS in Chrome on iOS

BZ#1584039 CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC

BZ#1584040 CVE-2018-6130 chromium-browser: Out of bounds memory access in WebRTC

BZ#1584042 CVE-2018-6131 chromium-browser: Incorrect mutability protection in WebAssembly

BZ#1584043 CVE-2018-6132 chromium-browser: Use of uninitialized memory in WebRTC

BZ#1584044 CVE-2018-6133 chromium-browser: URL spoof in Omnibox

BZ#1584045 CVE-2018-6134 chromium-browser: Referrer Policy bypass in Blink

BZ#1584046 CVE-2018-6135 chromium-browser: UI spoofing in Blink

BZ#1584047 CVE-2018-6136 chromium-browser: Out of bounds memory access in V8

BZ#1584048 CVE-2018-6137 chromium-browser: Leak of visited status of page in Blink

BZ#1584049 CVE-2018-6138 chromium-browser: Overly permissive policy in Extensions

BZ#1584050 CVE-2018-6139 chromium-browser: Restrictions bypass in the debugger extension API

BZ#1584051 CVE-2018-6140 chromium-browser: Restrictions bypass in the debugger extension API

BZ#1584052 CVE-2018-6141 chromium-browser: Heap buffer overflow in Skia

BZ#1584054 CVE-2018-6142 chromium-browser: Out of bounds memory access in V8

BZ#1584055 CVE-2018-6143 chromium-browser: Out of bounds memory access in V8

BZ#1584056 CVE-2018-6144 chromium-browser: Out of bounds memory access in PDFium

BZ#1584057 CVE-2018-6145 chromium-browser: Incorrect escaping of MathML in Blink

BZ#1584058 CVE-2018-6147 chromium-browser: Password fields not taking advantage of OS protections in Views

BZ#1584059 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 ... chromium: various flaws [fedora-all]

BZ#1588379 CVE-2018-6148 chromium-browser: Incorrect handling of CSP header

BZ#1588381 CVE-2018-6148 chromium: chromium-browser: Incorrect handling of CSP header [epel-7]

chromium-67.0.3396.79-1.el7

Automated Test Results

ignored