Bug 1084296 - (CVE-2018-6063) VUL-0: New chromium release: 65.0.3325.146
(CVE-2018-6063)
VUL-0: New chromium release: 65.0.3325.146
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/201364/
CVSSv3:RedHat:CVE-2018-6057:8.8:(AV:N...
:
Depends on: 1084711
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-07 11:54 UTC by Karol Babioch
Modified: 2019-12-10 10:49 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Tomáš Chvátal 2018-03-08 09:04:53 UTC
Let us go with the bigger release:

https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

[$5000][758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$5000][758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25
[$3000][780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02
[$3000][794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12
[$1000][780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31
[$N/A][789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30
[$N/A][792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07
[$N/A][798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03
[$N/A][808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01
[$4000][799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05
[$2000][779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30
[$2000][798933] Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera on 2018-01-04
[$1500][799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08
[$1000][668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25
[$1000][777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23
[$1000][791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01
[$1000][804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20
[$1000][809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06
[$500][608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03
[$500][758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24
[$500][778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26
[$500][793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10
[$TBD][788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24
[$N/A][792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05
[$1000][797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24
[$N/A][767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21
[$N/A][771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04
Comment 2 Swamp Workflow Management 2018-03-08 09:40:08 UTC
This is an autogenerated message for OBS integration:
This bug (1084296) was mentioned in
https://build.opensuse.org/request/show/584220 Factory / chromium
Comment 3 Swamp Workflow Management 2018-03-10 11:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1084296) was mentioned in
https://build.opensuse.org/request/show/585265 42.3 / chromium
Comment 4 Andreas Stieger 2018-03-13 08:57:31 UTC
Could we use the bundled harfbuzz for Leap 42.3 and PackageHub instead of the version bump?
Comment 5 Tomáš Chvátal 2018-03-13 09:36:39 UTC
Well if it is desired by sec team I have no problem in conditioning it.

Is there some problem with abi compatibility?
Comment 6 Andreas Stieger 2018-03-13 10:00:22 UTC
(In reply to Tomáš Chvátal from comment #5)
> Well if it is desired by sec team I have no problem in conditioning it.

I think it is acceptable, it would allow us to do Leap 42.3 and PackageHub.

> Is there some problem with abi compatibility?

No particular breaking one is known. But we would need %requires_ge libharfbuzz0 in Chromium in order to have it pull in the updated library along with chromium.
Comment 7 Andreas Stieger 2018-03-15 07:16:07 UTC
Locked for Leap. PackageHub still needs gcc7 update
Comment 8 Swamp Workflow Management 2018-03-16 11:07:15 UTC
openSUSE-SU-2018:0704-1: An update that fixes 27 vulnerabilities is now available.

Category: security (important)
Bug References: 1084296
CVE References: CVE-2017-11215,CVE-2017-11225,CVE-2018-6057,CVE-2018-6060,CVE-2018-6061,CVE-2018-6062,CVE-2018-6063,CVE-2018-6064,CVE-2018-6065,CVE-2018-6066,CVE-2018-6067,CVE-2018-6068,CVE-2018-6069,CVE-2018-6070,CVE-2018-6071,CVE-2018-6072,CVE-2018-6073,CVE-2018-6074,CVE-2018-6075,CVE-2018-6076,CVE-2018-6077,CVE-2018-6078,CVE-2018-6079,CVE-2018-6080,CVE-2018-6081,CVE-2018-6082,CVE-2018-6083
Sources used:
openSUSE Leap 42.3 (src):    chromium-65.0.3325.162-146.1
Comment 9 Andreas Stieger 2018-05-07 19:19:06 UTC
good build for openSUSE:Backports:SLE-12-SP2 at this time after some tweaks in :Update. Closing as resolved.
Comment 10 Swamp Workflow Management 2018-05-09 13:07:43 UTC
openSUSE-SU-2018:1175-1: An update that fixes 61 vulnerabilities is now available.

Category: security (important)
Bug References: 1084296,1086124,1090000,1091288
CVE References: CVE-2017-11215,CVE-2017-11225,CVE-2018-6057,CVE-2018-6060,CVE-2018-6061,CVE-2018-6062,CVE-2018-6063,CVE-2018-6064,CVE-2018-6065,CVE-2018-6066,CVE-2018-6067,CVE-2018-6068,CVE-2018-6069,CVE-2018-6070,CVE-2018-6071,CVE-2018-6072,CVE-2018-6073,CVE-2018-6074,CVE-2018-6075,CVE-2018-6076,CVE-2018-6077,CVE-2018-6078,CVE-2018-6079,CVE-2018-6080,CVE-2018-6081,CVE-2018-6082,CVE-2018-6083,CVE-2018-6085,CVE-2018-6086,CVE-2018-6087,CVE-2018-6088,CVE-2018-6089,CVE-2018-6090,CVE-2018-6091,CVE-2018-6092,CVE-2018-6093,CVE-2018-6094,CVE-2018-6095,CVE-2018-6096,CVE-2018-6097,CVE-2018-6098,CVE-2018-6099,CVE-2018-6100,CVE-2018-6101,CVE-2018-6102,CVE-2018-6103,CVE-2018-6104,CVE-2018-6105,CVE-2018-6106,CVE-2018-6107,CVE-2018-6108,CVE-2018-6109,CVE-2018-6110,CVE-2018-6111,CVE-2018-6112,CVE-2018-6113,CVE-2018-6114,CVE-2018-6115,CVE-2018-6116,CVE-2018-6117,CVE-2018-6118
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-66.0.3359.139-2.1
Comment 11 Swamp Workflow Management 2018-05-26 23:50:10 UTC
This is an autogenerated message for OBS integration:
This bug (1084296) was mentioned in
https://build.opensuse.org/request/show/612434 Backports:SLE-12-SP2 / chromium
Comment 12 Swamp Workflow Management 2018-05-27 16:06:57 UTC
openSUSE-SU-2018:1437-1: An update that fixes 64 vulnerabilities is now available.

Category: security (important)
Bug References: 1084296,1086124,1090000,1091288,1092272,1092923,1093031
CVE References: CVE-2017-11215,CVE-2017-11225,CVE-2018-6057,CVE-2018-6060,CVE-2018-6061,CVE-2018-6062,CVE-2018-6063,CVE-2018-6064,CVE-2018-6065,CVE-2018-6066,CVE-2018-6067,CVE-2018-6068,CVE-2018-6069,CVE-2018-6070,CVE-2018-6071,CVE-2018-6072,CVE-2018-6073,CVE-2018-6074,CVE-2018-6075,CVE-2018-6076,CVE-2018-6077,CVE-2018-6078,CVE-2018-6079,CVE-2018-6080,CVE-2018-6081,CVE-2018-6082,CVE-2018-6083,CVE-2018-6085,CVE-2018-6086,CVE-2018-6087,CVE-2018-6088,CVE-2018-6089,CVE-2018-6090,CVE-2018-6091,CVE-2018-6092,CVE-2018-6093,CVE-2018-6094,CVE-2018-6095,CVE-2018-6096,CVE-2018-6097,CVE-2018-6098,CVE-2018-6099,CVE-2018-6100,CVE-2018-6101,CVE-2018-6102,CVE-2018-6103,CVE-2018-6104,CVE-2018-6105,CVE-2018-6106,CVE-2018-6107,CVE-2018-6108,CVE-2018-6109,CVE-2018-6110,CVE-2018-6111,CVE-2018-6112,CVE-2018-6113,CVE-2018-6114,CVE-2018-6115,CVE-2018-6116,CVE-2018-6117,CVE-2018-6118,CVE-2018-6120,CVE-2018-6121,CVE-2018-6122
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-66.0.3359.181-55.1