Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-12-SP2
patchinfo.7899
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7899
<patchinfo incident="7899"> <issue id="1086124" tracker="bnc"/> <issue id="1084296" tracker="bnc">VUL-0: New chromium release: 65.0.3325.146</issue> <issue id="2018-6078" tracker="cve" /> <issue id="2018-6079" tracker="cve" /> <issue id="2018-6070" tracker="cve" /> <issue id="2018-6071" tracker="cve" /> <issue id="2018-6072" tracker="cve" /> <issue id="2018-6073" tracker="cve" /> <issue id="2018-6074" tracker="cve" /> <issue id="2018-6075" tracker="cve" /> <issue id="2018-6076" tracker="cve" /> <issue id="2018-6077" tracker="cve" /> <issue id="2018-6057" tracker="cve" /> <issue id="2017-11215" tracker="cve" /> <issue id="2018-6067" tracker="cve" /> <issue id="2018-6066" tracker="cve" /> <issue id="2018-6065" tracker="cve" /> <issue id="2018-6064" tracker="cve" /> <issue id="2018-6063" tracker="cve" /> <issue id="2018-6062" tracker="cve" /> <issue id="2018-6061" tracker="cve" /> <issue id="2018-6060" tracker="cve" /> <issue id="2018-6069" tracker="cve" /> <issue id="2018-6068" tracker="cve" /> <issue id="2018-6081" tracker="cve" /> <issue id="2018-6080" tracker="cve" /> <issue id="2018-6083" tracker="cve" /> <issue id="2018-6082" tracker="cve" /> <issue id="2017-11225" tracker="cve" /> <issue tracker="cve" id="2018-6085"/> <issue tracker="cve" id="2018-6086"/> <issue tracker="cve" id="2018-6087"/> <issue tracker="cve" id="2018-6088"/> <issue tracker="cve" id="2018-6089"/> <issue tracker="cve" id="2018-6090"/> <issue tracker="cve" id="2018-6091"/> <issue tracker="cve" id="2018-6092"/> <issue tracker="cve" id="2018-6093"/> <issue tracker="cve" id="2018-6094"/> <issue tracker="cve" id="2018-6095"/> <issue tracker="cve" id="2018-6096"/> <issue tracker="cve" id="2018-6097"/> <issue tracker="cve" id="2018-6098"/> <issue tracker="cve" id="2018-6099"/> <issue tracker="cve" id="2018-6100"/> <issue tracker="cve" id="2018-6101"/> <issue tracker="cve" id="2018-6102"/> <issue tracker="cve" id="2018-6103"/> <issue tracker="cve" id="2018-6104"/> <issue tracker="cve" id="2018-6105"/> <issue tracker="cve" id="2018-6106"/> <issue tracker="cve" id="2018-6107"/> <issue tracker="cve" id="2018-6108"/> <issue tracker="cve" id="2018-6109"/> <issue tracker="cve" id="2018-6110"/> <issue tracker="cve" id="2018-6111"/> <issue tracker="cve" id="2018-6112"/> <issue tracker="cve" id="2018-6113"/> <issue tracker="cve" id="2018-6114"/> <issue tracker="cve" id="2018-6115"/> <issue tracker="cve" id="2018-6116"/> <issue tracker="cve" id="2018-6117"/> <issue tracker="bnc" id="1090000" /> <issue tracker="cve" id="2018-6118" /> <issue tracker="bnc" id="1091288" /> <issue id="1092923" tracker="bnc">VUL-0: CVE-2018-6120,CVE-2018-6121,CVE-2018-6122: chromium: multiple vulnerabilities fixed in 66.0.3359.170</issue> <issue id="1092272" tracker="bnc">Chromium does not support subpixel rendering in Leap 15</issue> <issue id="2018-6122" tracker="cve" /> <issue id="2018-6120" tracker="cve" /> <issue id="2018-6121" tracker="cve" /> <issue tracker="bnc" id="1093031" /> <category>security</category> <rating>important</rating> <packager>AndreasStieger</packager> <description>This update for Chromium to version 66.0.3359.181 fixes the following issues: - CVE-2018-6118: Use after free in Media Cache (bsc#1091288) - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use after free in PDFium - CVE-2018-6089: Same origin policy bypass in Service Worker - CVE-2018-6090: Heap buffer overflow in Skia - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker - CVE-2018-6092: Integer overflow in WebAssembly - CVE-2018-6093: Same origin bypass in Service Worker - CVE-2018-6094: Exploit hardening regression in Oilpan - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload - CVE-2018-6096: Fullscreen UI spoof - CVE-2018-6097: Fullscreen UI spoof - CVE-2018-6098: URL spoof in Omnibox - CVE-2018-6099: CORS bypass in ServiceWorker - CVE-2018-6100: URL spoof in Omnibox - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools - CVE-2018-6102: URL spoof in Omnibox - CVE-2018-6103: UI spoof in Permissions - CVE-2018-6104: URL spoof in Omnibox - CVE-2018-6105: URL spoof in Omnibox - CVE-2018-6106: Incorrect handling of promises in V8 - CVE-2018-6107: URL spoof in Omnibox - CVE-2018-6108: URL spoof in Omnibox - CVE-2018-6109: Incorrect handling of files by FileAPI - CVE-2018-6110: Incorrect handling of plaintext files via file:// - CVE-2018-6111: Heap-use-after-free in DevTools - CVE-2018-6112: Incorrect URL handling in DevTools - CVE-2018-6113: URL spoof in Navigation - CVE-2018-6114: CSP bypass - CVE-2018-6115: SmartScreen bypass in downloads - CVE-2018-6116: Incorrect low memory handling in WebAssembly - CVE-2018-6117: Confusing autofill settings - CVE-2017-11215: Use after free in Flash - CVE-2017-11225: Use after free in Flash - CVE-2018-6060: Use after free in Blink - CVE-2018-6061: Race condition in V8 - CVE-2018-6062: Heap buffer overflow in Skia - CVE-2018-6057: Incorrect permissions on shared memory - CVE-2018-6063: Incorrect permissions on shared memory - CVE-2018-6064: Type confusion in V8 - CVE-2018-6065: Integer overflow in V8 - CVE-2018-6066: Same Origin Bypass via canvas - CVE-2018-6067: Buffer overflow in Skia - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab - CVE-2018-6069: Stack buffer overflow in Skia - CVE-2018-6070: CSP bypass through extensions - CVE-2018-6071: Heap bufffer overflow in Skia - CVE-2018-6072: Integer overflow in PDFium - CVE-2018-6073: Heap bufffer overflow in WebGL - CVE-2018-6074: Mark-of-the-Web bypass - CVE-2018-6075: Overly permissive cross origin downloads - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink - CVE-2018-6077: Timing attack using SVG filters - CVE-2018-6078: URL Spoof in OmniBox - CVE-2018-6079: Information disclosure via texture data in WebGL - CVE-2018-6080: Information disclosure in IPC call - CVE-2018-6081: XSS in interstitials - CVE-2018-6082: Circumvention of port blocking - CVE-2018-6083: Incorrect processing of AppManifests - CVE-2018-6121: Privilege Escalation in extensions - CVE-2018-6122: Type confusion in V8 - CVE-2018-6120: Heap buffer overflow in PDFium - bsc#1086124: Various fixes from internal audits, fuzzing and other initiatives This update also supports mitigation against the Spectre vulnerabilities: "Strict site isolation" is disabled for most users and can be turned on via: chrome://flags/#enable-site-per-process This feature is undergoing a small percentage trial. Out out of the trial is possible via: chrome://flags/#site-isolation-trial-opt-out The following tracked packaging bug were fixed: - Chromium could not be installed from SUSE PackageHub 12 without having the SDK enabled (bsc#1070421) - Chromium could not be installed when libminizip1 was not available (bsc#1093031) </description> <summary>Security update for Chromium</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor