Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Important Security Update for Red Hat Enterprise Linux 6: RHSA-2016-1854-01

Calendar Sep 12, 2016 User Avatar LinuxSecurity Advisories
3 - 6 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory code execution security fix red hat enterprise important advisory browser update
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:1854-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1854.html
Issue date:        2016-09-12
CVE Names:         CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 
                   CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 
                   CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 
                   CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 
                   CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 
                   CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 
                   CVE-2016-5165 CVE-2016-5166 CVE-2016-5167 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 53.0.2785.89.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150,
CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155,
CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167,
CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165,
CVE-2016-5166, CVE-2016-5160)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1372207 - CVE-2016-5147 chromium-browser: universal xss in blink
1372208 - CVE-2016-5148 chromium-browser: universal xss in blink
1372209 - CVE-2016-5149 chromium-browser: script injection in extensions
1372210 - CVE-2016-5150 chromium-browser: use after free in blink
1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium
1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium
1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink
1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium
1372216 - CVE-2016-5155 chromium-browser: address bar spoofing
1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings
1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium
1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium
1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium
1372221 - CVE-2016-5161 chromium-browser: type confusion in blink
1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
1372223 - CVE-2016-5163 chromium-browser: address bar spoofing
1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools
1372225 - CVE-2016-5165 chromium-browser: script injection in devtools
1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as
1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5147
https://access.redhat.com/security/cve/CVE-2016-5148
https://access.redhat.com/security/cve/CVE-2016-5149
https://access.redhat.com/security/cve/CVE-2016-5150
https://access.redhat.com/security/cve/CVE-2016-5151
https://access.redhat.com/security/cve/CVE-2016-5152
https://access.redhat.com/security/cve/CVE-2016-5153
https://access.redhat.com/security/cve/CVE-2016-5154
https://access.redhat.com/security/cve/CVE-2016-5155
https://access.redhat.com/security/cve/CVE-2016-5156
https://access.redhat.com/security/cve/CVE-2016-5157
https://access.redhat.com/security/cve/CVE-2016-5158
https://access.redhat.com/security/cve/CVE-2016-5159
https://access.redhat.com/security/cve/CVE-2016-5160
https://access.redhat.com/security/cve/CVE-2016-5161
https://access.redhat.com/security/cve/CVE-2016-5162
https://access.redhat.com/security/cve/CVE-2016-5163
https://access.redhat.com/security/cve/CVE-2016-5164
https://access.redhat.com/security/cve/CVE-2016-5165
https://access.redhat.com/security/cve/CVE-2016-5166
https://access.redhat.com/security/cve/CVE-2016-5167
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2016/08/stable-channel-update-for-desktop_31.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX1wkdXlSAg2UNWIIRAo19AKCYY24BGTS3pCe88UaKl6eCZ4ykmACgv0iJ
SAjzzrBiLDEH4/kIVLeFMUU=33re
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Warning: Undefined variable $read_more_added_bug in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 1148

Important Security Update for Red Hat Enterprise Linux 6: RHSA-2016-1854-01

red hat
Calendar Grey September 12, 2016
Dist Redhat Esm H88
Essential security patch released for chromium-browser on CentOS to fix various bugs and weaknesses.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 53.0.2785.89.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)

Topics%20covered

Topics Covered

security advisory code execution security fix red hat enterprise important advisory browser update

References

https://access.redhat.com/security/cve/CVE-2016-5147 https://access.redhat.com/security/cve/CVE-2016-5148 https://access.redhat.com/security/cve/CVE-2016-5149 https://access.redhat.com/security/cve/CVE-2016-5150 https://access.redhat.com/security/cve/CVE-2016-5151 https://access.redhat.com/security/cve/CVE-2016-5152 https://access.redhat.com/security/cve/CVE-2016-5153 https://access.redhat.com/security/cve/CVE-2016-5154 https://access.redhat.com/security/cve/CVE-2016-5155 https://access.redhat.com/security/cve/CVE-2016-5156 https://access.redhat.com/security/cve/CVE-2016-5157 https://access.redhat.com/security/cve/CVE-2016-5158 https://access.redhat.com/security/cve/CVE-2016-5159 https://access.redhat.com/security/cve/CVE-2016-5160 https://access.redhat.com/security/cve/CVE-2016-5161 https://access.redhat.com/security/cve/CVE-2016-5162 https://access.redhat.com/security/cve/CVE-2016-5163 https://access.redhat.com/security/cve/CVE-2016-5164 https://access.redhat.com/security/cve/CVE-2016-5165 https://access.redhat.com/security/cve/CVE-2016-5166 https://access.redhat.com/security/cve/CVE-2016-5167 https://access.redhat.com/security/updates/classification/#important https://chromereleases.googleblog.com/2016/08/stable-channel-update-for-desktop_31.html

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm
x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm
x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-53.0.2785.89-3.el6.i686.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm
x86_64: chromium-browser-53.0.2785.89-3.el6.x86_64.rpm chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2016:1854-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1854.html
Issue date: 2016-09-12

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory code execution security fix red hat enterprise important advisory browser update

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

Bugs Fixed

1372207 - CVE-2016-5147 chromium-browser: universal xss in blink

1372208 - CVE-2016-5148 chromium-browser: universal xss in blink

1372209 - CVE-2016-5149 chromium-browser: script injection in extensions

1372210 - CVE-2016-5150 chromium-browser: use after free in blink

1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium

1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium

1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink

1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium

1372216 - CVE-2016-5155 chromium-browser: address bar spoofing

1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings

1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium

1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium

1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium

1372221 - CVE-2016-5161 chromium-browser: type confusion in blink

1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass

1372223 - CVE-2016-5163 chromium-browser: address bar spoofing

1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools

1372225 - CVE-2016-5165 chromium-browser: script injection in devtools

1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as

1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here