Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 672606 (CVE-2018-17480, CVE-2018-17481, CVE-2018-18335, CVE-2018-18336, CVE-2018-18337, CVE-2018-18338, CVE-2018-18339, CVE-2018-18340, CVE-2018-18341, CVE-2018-18342, CVE-2018-18343, CVE-2018-18344, CVE-2018-18345, CVE-2018-18346, CVE-2018-18347, CVE-2018-18348, CVE-2018-18349, CVE-2018-18350, CVE-2018-18351, CVE-2018-18352, CVE-2018-18353, CVE-2018-18354, CVE-2018-18355, CVE-2018-18356, CVE-2018-18357, CVE-2018-18358, CVE-2018-18359) - <www-client/chromium-71.0.3578.80: multiple vulnerabilities
Summary: <www-client/chromium-71.0.3578.80: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-17480, CVE-2018-17481, CVE-2018-18335, CVE-2018-18336, CVE-2018-18337, CVE-2018-18338, CVE-2018-18339, CVE-2018-18340, CVE-2018-18341, CVE-2018-18342, CVE-2018-18343, CVE-2018-18344, CVE-2018-18345, CVE-2018-18346, CVE-2018-18347, CVE-2018-18348, CVE-2018-18349, CVE-2018-18350, CVE-2018-18351, CVE-2018-18352, CVE-2018-18353, CVE-2018-18354, CVE-2018-18355, CVE-2018-18356, CVE-2018-18357, CVE-2018-18358, CVE-2018-18359
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on: 672692 672696
Blocks:
  Show dependency tree
 
Reported: 2018-12-06 09:23 UTC by Agostino Sarubbo
Modified: 2020-06-04 03:28 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-71.0.3578.80
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2018-12-06 09:23:11 UTC
The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 71.
Security Fixes and Rewards
 Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
 This update includes 43 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 [$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16
[$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous on 2018-11-04
[$5000][895362] High CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous on 2018-10-15
[$5000][898531] High CVE-2018-18336: Use after free in PDFium. Reported by Huyna at Viettel Cyber Security on 2018-10-24
[$3000][886753] High CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer on 2018-09-19
[$3000][890576] High CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-09-29
[$3000][891187] High CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer on 2018-10-02
[$3000][896736] High CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous on 2018-10-18
[$3000][901030] High CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer on 2018-11-01
[$3000][906313] High CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-11-17
[$1000][882423] High CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-10
[$TBD][866426] High CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn of Google Project Zero on 2018-07-23
[$TBD][900910] High To be allocated: Multiple issues in SQLite via WebSQL. Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01
[$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19
[$2000][606104] Medium CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera (@lbherrera_) on 2016-04-23
[$2000][850824] Medium CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-06-08
[$2000][881659] Medium CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky (@0xsobky) on 2018-09-07
[$2000][894399] Medium CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg on 2018-10-11
[$1000][799747] Medium CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu (@shhnjk) on 2018-01-06
[$1000][833847] Medium CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu (@shhnjk) on 2018-04-17
[$1000][849942] Medium CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu (@shhnjk) on 2018-06-06
[$1000][884179] Medium CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-14
[$1000][889459] Medium CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-26
[$500][896717] Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
[$TBD][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
[$TBD][895207] Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-15
[$TBD][899126] Medium CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn of Google Project Zero on 2018-10-26
[$TBD][907714] Medium CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu of Tencent Zhanlu Lab on 2018-11-22
[$500][851821] Low To be allocated: Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed on 2018-06-12
[$500][856135] Low To be allocated: Use after free in Extensions. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-06-25
[$500][879965] Low To be allocated: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-09-03
[$500][882270] Low To be allocated: Inappropriate implementation in Navigation. Reported by Jesper van den Ende on 2018-09-09
[$500][890558] Low To be allocated: Insufficient policy enforcement in Navigation. Reported by Ryan Pickren (ryanpickren.com) on 2018-09-29
[$TBD][895885] Low To be allocated: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-16
 This bug was fixed in Chrome 69, but was incorrectly omitted from the release notes at the time:
 [$3000][853937] Medium To be allocated: Insufficient policy enforcement in Payments. Reported by Jun Kokatsu (@shhnjk) on 2018-06-18
 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[911706] Various fixes from internal audits, fuzzing and other initiatives
 Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Comment 1 Stabilization helper bot gentoo-dev 2018-12-06 20:00:59 UTC
An automated check of this bug failed - repoman reported dependency errors (53 lines truncated): 

> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2', '>=dev-libs/re2-0.2016.11.01:=']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2', '>=dev-libs/re2-0.2016.11.01:=']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=app-accessibility/at-spi2-atk-2.26:2', '>=dev-libs/re2-0.2016.11.01:=']
Comment 2 Stabilization helper bot gentoo-dev 2018-12-07 15:00:55 UTC
An automated check of this bug failed - repoman reported dependency errors (53 lines truncated): 

> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=app-accessibility/at-spi2-atk-2.26:2']
Comment 3 Mart Raudsepp gentoo-dev 2018-12-07 15:59:27 UTC
*** Bug 672696 has been marked as a duplicate of this bug. ***
Comment 4 Stabilization helper bot gentoo-dev 2018-12-07 16:00:50 UTC
An automated check of this bug failed - repoman reported dependency errors (53 lines truncated): 

> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=app-accessibility/at-spi2-atk-2.26:2']
> dependency.bad www-client/chromium/chromium-71.0.3578.80.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=app-accessibility/at-spi2-atk-2.26:2']
Comment 5 Stabilization helper bot gentoo-dev 2018-12-07 17:02:07 UTC
An automated check of this bug succeeded - the previous repoman errors are now resolved.
Comment 6 Larry the Git Cow gentoo-dev 2018-12-07 21:26:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1419c479bbbb213ba9271d68ac059e3def2e4eee

commit 1419c479bbbb213ba9271d68ac059e3def2e4eee
Author:     Richard Freeman <rich0@gentoo.org>
AuthorDate: 2018-12-07 21:26:37 +0000
Commit:     Richard Freeman <rich0@gentoo.org>
CommitDate: 2018-12-07 21:26:37 +0000

    www-client/chromium: amd64 stable
    
    Bug: https://bugs.gentoo.org/672606
    Signed-off-by: Richard Freeman <rich0@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 www-client/chromium/chromium-71.0.3578.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2019-08-16 17:38:21 UTC
Adding to an existing request.
Comment 8 Larry the Git Cow gentoo-dev 2019-08-16 17:45:31 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0ebaa517a5d6a0b5a62aa1d6a19091a8eb11ecfd

commit 0ebaa517a5d6a0b5a62aa1d6a19091a8eb11ecfd
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-08-16 17:44:26 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-08-16 17:44:26 +0000

    [ GLSA 201908-18 ] Updated
    
    Bug 672606 was added to GLSA.
    
    Closes: https://bugs.gentoo.org/672606
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 glsa-201908-18.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 83 insertions(+), 2 deletions(-)