FEDORA-EPEL-2018-656b24ec40

security update in Fedora EPEL 7 for chromium

Status: stable 10 months ago

Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148


Update to 66.0.3359.181. Security fix for CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117 CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2018-656b24ec40

Comments 11

This update has been submitted for testing by spot.

This update has obsoleted chromium-66.0.3359.181-3.el7, and has inherited its bugs and notes.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

lgtm too

karma: +1

Running with no issues on RHEL / CentOS 7.

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1568761 CVE-2018-6085 chromium-browser: Use after free in Disk Cache
#1568762 CVE-2018-6086 chromium-browser: Use after free in Disk Cache
#1568763 CVE-2018-6087 chromium-browser: Use after free in WebAssembly
#1568764 CVE-2018-6088 chromium-browser: Use after free in PDFium
#1568765 CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker
#1568766 CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia
#1568767 CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker
#1568769 CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly
#1568770 CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker
#1568771 CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan
#1568773 CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload
#1568774 CVE-2018-6096 chromium-browser: Fullscreen UI spoof
#1568775 CVE-2018-6097 chromium-browser: Fullscreen UI spoof
#1568776 CVE-2018-6098 chromium-browser: URL spoof in Omnibox
#1568777 CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker
#1568778 CVE-2018-6100 chromium-browser: URL spoof in Omnibox
#1568779 CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools
#1568780 CVE-2018-6102 chromium-browser: URL spoof in Omnibox
#1568781 CVE-2018-6103 chromium-browser: UI spoof in Permissions
#1568782 CVE-2018-6104 chromium-browser: URL spoof in Omnibox
#1568785 CVE-2018-6105 chromium-browser: URL spoof in Omnibox
#1568786 CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8
#1568787 CVE-2018-6107 chromium-browser: URL spoof in Omnibox
#1568788 CVE-2018-6108 chromium-browser: URL spoof in Omnibox
#1568789 CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI
#1568790 CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://
#1568791 CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools
#1568792 CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools
#1568793 CVE-2018-6113 chromium-browser: URL spoof in Navigation
#1568794 CVE-2018-6114 chromium-browser: CSP bypass
#1568795 CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads
#1568796 CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly
#1568797 CVE-2018-6117 chromium-browser: Confusing autofill settings
#1568800 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 ... chromium: various flaws [epel-7]
#1573856 CVE-2018-6118 chromium-browser: Use after free in Media Cache
#1573860 CVE-2018-6118 chromium: chromium-browser: Use after free in Media Cache [epel-7]
#1577113 CVE-2018-6121 chromium-browser: Privilege Escalation in extensions
#1577114 CVE-2018-6122 chromium-browser: Type confusion in V8
#1577115 CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium
#1577116 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 chromium: various flaws [epel-7]
#1584032 CVE-2018-6123 chromium-browser: Use after free in Blink
#1584033 CVE-2018-6124 chromium-browser: Type confusion in Blink
#1584034 CVE-2018-6125 chromium-browser: Overly permissive policy in WebUSB
#1584035 CVE-2018-6126 Skia: Heap buffer overflow rasterizing paths in SVG
#1584037 CVE-2018-6127 chromium-browser: Use after free in indexedDB
#1584038 CVE-2018-6128 chromium-browser: uXSS in Chrome on iOS
#1584039 CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC
#1584040 CVE-2018-6130 chromium-browser: Out of bounds memory access in WebRTC
#1584042 CVE-2018-6131 chromium-browser: Incorrect mutability protection in WebAssembly
#1584043 CVE-2018-6132 chromium-browser: Use of uninitialized memory in WebRTC
#1584044 CVE-2018-6133 chromium-browser: URL spoof in Omnibox
#1584045 CVE-2018-6134 chromium-browser: Referrer Policy bypass in Blink
#1584046 CVE-2018-6135 chromium-browser: UI spoofing in Blink
#1584047 CVE-2018-6136 chromium-browser: Out of bounds memory access in V8
#1584048 CVE-2018-6137 chromium-browser: Leak of visited status of page in Blink
#1584049 CVE-2018-6138 chromium-browser: Overly permissive policy in Extensions
#1584050 CVE-2018-6139 chromium-browser: Restrictions bypass in the debugger extension API
#1584051 CVE-2018-6140 chromium-browser: Restrictions bypass in the debugger extension API
#1584052 CVE-2018-6141 chromium-browser: Heap buffer overflow in Skia
#1584054 CVE-2018-6142 chromium-browser: Out of bounds memory access in V8
#1584055 CVE-2018-6143 chromium-browser: Out of bounds memory access in V8
#1584056 CVE-2018-6144 chromium-browser: Out of bounds memory access in PDFium
#1584057 CVE-2018-6145 chromium-browser: Incorrect escaping of MathML in Blink
#1584058 CVE-2018-6147 chromium-browser: Password fields not taking advantage of OS protections in Views
#1584059 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 ... chromium: various flaws [fedora-all]
#1588379 CVE-2018-6148 chromium-browser: Incorrect handling of CSP header
#1588381 CVE-2018-6148 chromium: chromium-browser: Incorrect handling of CSP header [epel-7]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted a year ago
in testing a year ago
in stable 10 months ago

Related Bugs 67

00 #1568761 CVE-2018-6085 chromium-browser: Use after free in Disk Cache
00 #1568762 CVE-2018-6086 chromium-browser: Use after free in Disk Cache
00 #1568763 CVE-2018-6087 chromium-browser: Use after free in WebAssembly
00 #1568764 CVE-2018-6088 chromium-browser: Use after free in PDFium
00 #1568765 CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker
00 #1568766 CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia
00 #1568767 CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker
00 #1568769 CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly
00 #1568770 CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker
00 #1568771 CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan
00 #1568773 CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload
00 #1568774 CVE-2018-6096 chromium-browser: Fullscreen UI spoof
00 #1568775 CVE-2018-6097 chromium-browser: Fullscreen UI spoof
00 #1568776 CVE-2018-6098 chromium-browser: URL spoof in Omnibox
00 #1568777 CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker
00 #1568778 CVE-2018-6100 chromium-browser: URL spoof in Omnibox
00 #1568779 CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging prototol in DevTools
00 #1568780 CVE-2018-6102 chromium-browser: URL spoof in Omnibox
00 #1568781 CVE-2018-6103 chromium-browser: UI spoof in Permissions
00 #1568782 CVE-2018-6104 chromium-browser: URL spoof in Omnibox
00 #1568785 CVE-2018-6105 chromium-browser: URL spoof in Omnibox
00 #1568786 CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8
00 #1568787 CVE-2018-6107 chromium-browser: URL spoof in Omnibox
00 #1568788 CVE-2018-6108 chromium-browser: URL spoof in Omnibox
00 #1568789 CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI
00 #1568790 CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://
00 #1568791 CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools
00 #1568792 CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools
00 #1568793 CVE-2018-6113 chromium-browser: URL spoof in Navigation
00 #1568794 CVE-2018-6114 chromium-browser: CSP bypass
00 #1568795 CVE-2018-6115 chromium-browser: SmartScreen bypass in downloads
00 #1568796 CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly
00 #1568797 CVE-2018-6117 chromium-browser: Confusing autofill settings
00 #1568800 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 ... chromium: various flaws [epel-7]
00 #1573856 CVE-2018-6118 chromium-browser: Use after free in Media Cache
00 #1573860 CVE-2018-6118 chromium: chromium-browser: Use after free in Media Cache [epel-7]
00 #1577113 CVE-2018-6121 chromium-browser: Privilege Escalation in extensions
00 #1577114 CVE-2018-6122 chromium-browser: Type confusion in V8
00 #1577115 CVE-2018-6120 chromium-browser: Heap buffer overflow in PDFium
00 #1577116 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 chromium: various flaws [epel-7]
00 #1584032 CVE-2018-6123 chromium-browser: Use after free in Blink
00 #1584033 CVE-2018-6124 chromium-browser: Type confusion in Blink
00 #1584034 CVE-2018-6125 chromium-browser: Overly permissive policy in WebUSB
00 #1584035 CVE-2018-6126 Skia: Heap buffer overflow rasterizing paths in SVG
00 #1584037 CVE-2018-6127 chromium-browser: Use after free in indexedDB
00 #1584038 CVE-2018-6128 chromium-browser: uXSS in Chrome on iOS
00 #1584039 CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC
00 #1584040 CVE-2018-6130 chromium-browser: Out of bounds memory access in WebRTC
00 #1584042 CVE-2018-6131 chromium-browser: Incorrect mutability protection in WebAssembly
00 #1584043 CVE-2018-6132 chromium-browser: Use of uninitialized memory in WebRTC
00 #1584044 CVE-2018-6133 chromium-browser: URL spoof in Omnibox
00 #1584045 CVE-2018-6134 chromium-browser: Referrer Policy bypass in Blink
00 #1584046 CVE-2018-6135 chromium-browser: UI spoofing in Blink
00 #1584047 CVE-2018-6136 chromium-browser: Out of bounds memory access in V8
00 #1584048 CVE-2018-6137 chromium-browser: Leak of visited status of page in Blink
00 #1584049 CVE-2018-6138 chromium-browser: Overly permissive policy in Extensions
00 #1584050 CVE-2018-6139 chromium-browser: Restrictions bypass in the debugger extension API
00 #1584051 CVE-2018-6140 chromium-browser: Restrictions bypass in the debugger extension API
00 #1584052 CVE-2018-6141 chromium-browser: Heap buffer overflow in Skia
00 #1584054 CVE-2018-6142 chromium-browser: Out of bounds memory access in V8
00 #1584055 CVE-2018-6143 chromium-browser: Out of bounds memory access in V8
00 #1584056 CVE-2018-6144 chromium-browser: Out of bounds memory access in PDFium
00 #1584057 CVE-2018-6145 chromium-browser: Incorrect escaping of MathML in Blink
00 #1584058 CVE-2018-6147 chromium-browser: Password fields not taking advantage of OS protections in Views
00 #1584059 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 ... chromium: various flaws [fedora-all]
00 #1588379 CVE-2018-6148 chromium-browser: Incorrect handling of CSP header
00 #1588381 CVE-2018-6148 chromium: chromium-browser: Incorrect handling of CSP header [epel-7]

Automated Test Results