[Bug 1112111] New: VUL-0: chromium 70.0.3538.67 security update
http://bugzilla.suse.com/show_bug.cgi?id=1112111
Bug ID: 1112111
Summary: VUL-0: chromium 70.0.3538.67 security update
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: tchvatal@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
This update fixes 32 sec issues:
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desk...
[$N/A][888926] High CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned
Williamson and Niklas Baumstark working with Beyond Security’s SecuriTeam
Secure Disclosure program on 2018-09-25
[$N/A][888923] High CVE-2018-17463: Remote code execution in V8. Reported by
Samuel Gross working with Beyond Security’s SecuriTeam Secure Disclosure
program on 2018-09-25
[$3500][872189] High CVE to be assigned: Heap buffer overflow in Little CMS in
PDFium. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on
2018-08-08
[$3000][887273] High CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
of Tencent's Xuanwu Lab on 2018-09-20
[$3000][870226] High CVE-2018-17465: Use after free in V8. Reported by Lin
Zuojian on 2018-08-02
[$1000][880906] High CVE-2018-17466: Memory corruption in Angle. Reported by
Omair on 2018-09-05
[$3000][844881] Medium CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil
Zhani on 2018-05-19
[$2000][876822] Medium CVE-2018-17468: Cross-origin URL disclosure in Blink.
Reported by James Lee (@Windowsrcer) of Kryptos Logic on 2018-08-22
[$1000][880675] Medium CVE-2018-17469: Heap buffer overflow in PDFium. Reported
by Zhen Zhou of NSFOCUS Security Team on 2018-09-05
[$1000][877874] Medium CVE-2018-17470: Memory corruption in GPU Internals.
Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of
Qihoo 360 Technology Co. Ltd on 2018-08-27
[$1000][873080] Medium CVE-2018-17471: Security UI occlusion in full screen
mode. Reported by Lnyas Zhang on 2018-08-10
[$1000][822518] Medium CVE-2018-17472: iframe sandbox escape on iOS. Reported
by Jun Kokatsu (@shhnjk) on 2018-03-16
[$500][882078] Medium CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil
Zhani on 2018-09-08
[$500][843151] Medium CVE-2018-17474: Use after free in Blink. Reported by Zhe
Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360
Technology Co. Ltd on 2018-05-15
[$500][852634] Low CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir
Metnew on 2018-06-14
[$500][812769] Low CVE-2018-17476: Security UI occlusion in full screen mode.
Reported by Khalil Zhani on 2018-02-15
[$500][805496] Low CVE-2018-5179: Lack of limits on update() in ServiceWorker.
Reported by Yannic Bonenberger on 2018-01-24
[$N/A][863703] Low CVE-2018-17477: UI spoof in Extensions. Reported by Aaron
Muir Hamilton
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c1
--- Comment #1 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
SMASH SMASH
http://bugzilla.suse.com/show_bug.cgi?id=1112111
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c3
--- Comment #3 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c6
--- Comment #6 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c7
Tomáš Chvátal
Still failing... https://build.opensuse.org/package/show/openSUSE:Maintenance:8777/chromium. openSUSE_Leap_42.3_Update
[ 3216s] ../../media/gpu/vaapi/vaapi_jpeg_decode_accelerator.cc:298:30: error: 'VA_FOURCC_I420' was not declared in this scope [ 3216s] va_image_format_->fourcc = VA_FOURCC_I420; [ 3216s] ^~~~~~~~~~~~~~ [ 3216s] ../../media/gpu/vaapi/vaapi_jpeg_decode_accelerator.cc:298:30: note: suggested alternative: 'VA_FOURCC_444P' [ 3216s] va_image_format_->fourcc = VA_FOURCC_I420; [ 3216s] ^~~~~~~~~~~~~~ [ 3216s] VA_FOURCC_444P
Fixed and built on local machine + submitted of course :) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c8
--- Comment #8 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c10
--- Comment #10 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c11
--- Comment #11 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
http://bugzilla.suse.com/show_bug.cgi?id=1112111#c12
--- Comment #12 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1112111
Robert Frohl
participants (1)
-
bugzilla_noreply@novell.com