Overview

File _patchinfo of Package patchinfo.8771

<patchinfo incident="8771">
  <packager>scarabeus_iv</packager>
  <issue tracker="cve" id="2018-5179"></issue>
  <issue tracker="cve" id="2018-17462"></issue>
  <issue tracker="cve" id="2018-17463"></issue>
  <issue tracker="cve" id="2018-17464"></issue>
  <issue tracker="cve" id="2018-17465"></issue>
  <issue tracker="cve" id="2018-17466"></issue>
  <issue tracker="cve" id="2018-17467"></issue>
  <issue tracker="cve" id="2018-17468"></issue>
  <issue tracker="cve" id="2018-17469"></issue>
  <issue tracker="cve" id="2018-17470"></issue>
  <issue tracker="cve" id="2018-17471"></issue>
  <issue tracker="cve" id="2018-17472"></issue>
  <issue tracker="cve" id="2018-17473"></issue>
  <issue tracker="cve" id="2018-17474"></issue>
  <issue tracker="cve" id="2018-17475"></issue>
  <issue tracker="cve" id="2018-17476"></issue>
  <issue tracker="cve" id="2018-17477"></issue>
  <issue tracker="bnc" id="1112111">VUL-0: chromium 70.0.3538.67 security update</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for Chromium</summary>
  <description>This update for Chromium to version 70.0.3538.67 fixes multiple issues.

Security issues fixed (bsc#1112111):

- CVE-2018-17462: Sandbox escape in AppCache
- CVE-2018-17463: Remote code execution in V8
- Heap buffer overflow in Little CMS in PDFium
- CVE-2018-17464: URL spoof in Omnibox
- CVE-2018-17465: Use after free in V8
- CVE-2018-17466: Memory corruption in Angle
- CVE-2018-17467: URL spoof in Omnibox
- CVE-2018-17468: Cross-origin URL disclosure in Blink
- CVE-2018-17469: Heap buffer overflow in PDFium
- CVE-2018-17470: Memory corruption in GPU Internals
- CVE-2018-17471: Security UI occlusion in full screen mode
- CVE-2018-17473: URL spoof in Omnibox
- CVE-2018-17474: Use after free in Blink
- CVE-2018-17475: URL spoof in Omnibox
- CVE-2018-17476: Security UI occlusion in full screen mode
- CVE-2018-5179: Lack of limits on update() in ServiceWorker
- CVE-2018-17477: UI spoof in Extensions
    
VAAPI hardware accelerated rendering is now enabled by default.

This update contains the following packaging changes:

- Use the system libusb-1.0 library
- Use bundled harfbuzz library
- Disable gnome-keyring to avoid crashes

    
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places