Mailinglist Archive: opensuse-security-announce (53 mails)

< Previous Next >
[security-announce] openSUSE-SU-2018:2135-1: important: Security update for Chromium
openSUSE Security Update: Security update for Chromium

Announcement ID: openSUSE-SU-2018:2135-1
Rating: important
References: #1102530
Cross-References: CVE-2018-4117 CVE-2018-6044 CVE-2018-6153
CVE-2018-6154 CVE-2018-6155 CVE-2018-6156
CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163
CVE-2018-6164 CVE-2018-6165 CVE-2018-6166
CVE-2018-6167 CVE-2018-6168 CVE-2018-6169
CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175
CVE-2018-6176 CVE-2018-6177 CVE-2018-6178
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 28 vulnerabilities is now available.


This update for Chromium to version 68.0.3440.75 fixes multiple issues.

Security issues fixed (boo#1102530):

- CVE-2018-6153: Stack buffer overflow in Skia
- CVE-2018-6154: Heap buffer overflow in WebGL
- CVE-2018-6155: Use after free in WebRTC
- CVE-2018-6156: Heap buffer overflow in WebRTC
- CVE-2018-6157: Type confusion in WebRTC
- CVE-2018-6158: Use after free in Blink
- CVE-2018-6159: Same origin policy bypass in ServiceWorker
- CVE-2018-6161: Same origin policy bypass in WebAudio
- CVE-2018-6162: Heap buffer overflow in WebGL
- CVE-2018-6163: URL spoof in Omnibox
- CVE-2018-6164: Same origin policy bypass in ServiceWorker
- CVE-2018-6165: URL spoof in Omnibox
- CVE-2018-6166: URL spoof in Omnibox
- CVE-2018-6167: URL spoof in Omnibox
- CVE-2018-6168: CORS bypass in Blink
- CVE-2018-6169: Permissions bypass in extension installation
- CVE-2018-6170: Type confusion in PDFium
- CVE-2018-6171: Use after free in WebBluetooth
- CVE-2018-6172: URL spoof in Omnibox
- CVE-2018-6173: URL spoof in Omnibox
- CVE-2018-6174: Integer overflow in SwiftShader
- CVE-2018-6175: URL spoof in Omnibox
- CVE-2018-6176: Local user privilege escalation in Extensions
- CVE-2018-6177: Cross origin information leak in Blink
- CVE-2018-6178: UI spoof in Extensions
- CVE-2018-6179: Local file information leak in Extensions
- CVE-2018-6044: Request privilege escalation in Extensions
- CVE-2018-4117: Cross origin information leak in Blink

The following user interface changes are included:

- Chrome will show the "Not secure" warning on all plain HTTP pages

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-780=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
  • No further messages