Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 668986 (CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17472, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179) - <www-client/chromium-70.0.3538.67: multiple vulnerabilities
Summary: <www-client/chromium-70.0.3538.67: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17472, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: 668984
Blocks:
  Show dependency tree
 
Reported: 2018-10-19 02:20 UTC by Mike Gilbert
Modified: 2018-11-23 18:01 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-70.0.3538.67
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2018-10-19 02:20:36 UTC 
This update includes 23 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$N/A][888926] High CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark working with Beyond Security’s SecuriTeam Secure Disclosure program on 2018-09-25
[$N/A][888923] High CVE-2018-17463: Remote code execution in V8. Reported by Samuel Gross working with Beyond Security’s SecuriTeam Secure Disclosure program on 2018-09-25
[$3500][872189] High CVE to be assigned: Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-08-08
[$3000][887273] High CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2018-09-20
[$3000][870226] High CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian on 2018-08-02
[$1000][880906] High CVE-2018-17466: Memory corruption in Angle. Reported by Omair on 2018-09-05
[$3000][844881] Medium CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-05-19
[$2000][876822] Medium CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee (@Windowsrcer) of Kryptos Logic on 2018-08-22
[$1000][880675] Medium CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-09-05
[$1000][877874] Medium CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-08-27
[$1000][873080] Medium CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang on 2018-08-10
[$1000][822518] Medium CVE-2018-17472: iframe sandbox escape on iOS. Reported by Jun Kokatsu (@shhnjk) on 2018-03-16
[$500][882078] Medium CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-09-08
[$500][843151] Medium CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-15
[$500][852634] Low CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew on 2018-06-14
[$500][812769] Low CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani on 2018-02-15
[$500][805496] Low CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger on 2018-01-24
[$N/A][863703] Low CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton <aaron@correspondwith.me> on 2018-07-14
Comment 1 Stabilization helper bot gentoo-dev 2018-10-19 03:00:44 UTC 
An automated check of this bug failed - repoman reported dependency errors (25 lines truncated): 

> dependency.bad www-client/chromium/chromium-70.0.3538.67.ebuild: DEPEND: amd64(default/linux/amd64/17.0) ['>=media-libs/harfbuzz-1.8.8:=[icu(-)]']
> dependency.bad www-client/chromium/chromium-70.0.3538.67.ebuild: RDEPEND: amd64(default/linux/amd64/17.0) ['>=media-libs/harfbuzz-1.8.8:=[icu(-)]']
> dependency.bad www-client/chromium/chromium-70.0.3538.67.ebuild: DEPEND: amd64(default/linux/amd64/17.0/desktop) ['>=media-libs/harfbuzz-1.8.8:=[icu(-)]']
Comment 2 Agostino Sarubbo gentoo-dev 2018-10-19 13:14:50 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2018-10-19 13:46:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5adeace2636cd5d21996f0c93b65736b91c364d

commit b5adeace2636cd5d21996f0c93b65736b91c364d
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-10-19 13:46:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-10-19 13:46:40 +0000

    www-client/chromium: remove old
    
    Bug: https://bugs.gentoo.org/668986
    Package-Manager: Portage-2.3.51_p1, Repoman-2.3.11_p26
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                      |   1 -
 www-client/chromium/chromium-69.0.3497.100.ebuild | 686 ----------------------
 2 files changed, 687 deletions(-)
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2018-11-09 23:46:42 UTC 
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-11-23 18:01:46 UTC 
This issue was resolved and addressed in
 GLSA 201811-10 at https://security.gentoo.org/glsa/201811-10
by GLSA coordinator Aaron Bauman (b-man).