Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Red Hat 6: RHSA-2018-0484-01 Important: Chromium Browser Security Update

red hat
Calendar Grey March 12, 2018
Dist Redhat Esm H88
Critical security patch released for the chromium-browser on Red Hat Enterprise Linux mitigates various vulnerabilities and enhances system safety.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 65.0.3325.146.
Security Fix(es):
* chromium-browser: incorrect permissions on shared memory (CVE-2018-6057)
* chromium-browser: use-after-free in blink (CVE-2018-6060)
* chromium-browser: race condition in v8 (CVE-2018-6061)
* chromium-browser: heap buffer overflow in skia (CVE-2018-6062)
* chromium-browser: incorrect permissions on shared memory (CVE-2018-6063)
* chromium-browser: type confusion in v8 (CVE-2018-6064)
* chromium-browser: integer overflow in v8 (CVE-2018-6065)
* chromium-browser: same origin bypass via canvas (CVE-2018-6066)
* chromium-browser: buffer overflow in skia (CVE-2018-6067)
* chromium-browser: stack buffer overflow in skia (CVE-2018-6069)
* chromium-browser: csp bypass through extensions (CVE-2018-6070)
* chromium-browser: heap bufffer overflow in skia (CVE-2018-6071)
* chromium-browser: integer overflow in pdfium (CVE-2018-6072)
* chromium-browser: heap bufffer overflow in webgl (CVE-2018-6073)
* chromium-browser: mark-of-the-web bypass (CVE-2018-6074)
* chromium-browser: overly permissive cross origin downloads (CVE-2018-6075)
* chromium-browser: incorrect handling of url fragment identifiers in blink (CVE-2018-6076)
* chromium-browser: timing attack using svg filters (CVE-2018-6077)
* chromium-browser: url spoof in omnibox (CVE-2018-6078)
* chromium-browser: information disclosure via texture data in webgl (CVE-2018-6079)
* chromium-browser: information disclosure in ipc call (CVE-2018-6080)
* chromium-browser: xss in interstitials (CVE-2018-6081)
* chromium-browser: circumvention of port blocking (CVE-2018-6082)
* chromium-browser: incorrect processing of appmanifests (CVE-2018-6083)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory update red hat important browser chromium

References

https://access.redhat.com/security/cve/CVE-2018-6057 https://access.redhat.com/security/cve/CVE-2018-6060 https://access.redhat.com/security/cve/CVE-2018-6061 https://access.redhat.com/security/cve/CVE-2018-6062 https://access.redhat.com/security/cve/CVE-2018-6063 https://access.redhat.com/security/cve/CVE-2018-6064 https://access.redhat.com/security/cve/CVE-2018-6065 https://access.redhat.com/security/cve/CVE-2018-6066 https://access.redhat.com/security/cve/CVE-2018-6067 https://access.redhat.com/security/cve/CVE-2018-6069 https://access.redhat.com/security/cve/CVE-2018-6070 https://access.redhat.com/security/cve/CVE-2018-6071 https://access.redhat.com/security/cve/CVE-2018-6072 https://access.redhat.com/security/cve/CVE-2018-6073 https://access.redhat.com/security/cve/CVE-2018-6074 https://access.redhat.com/security/cve/CVE-2018-6075 https://access.redhat.com/security/cve/CVE-2018-6076 https://access.redhat.com/security/cve/CVE-2018-6077 https://access.redhat.com/security/cve/CVE-2018-6078 https://access.redhat.com/security/cve/CVE-2018-6079 https://access.redhat.com/security/cve/CVE-2018-6080 https://access.redhat.com/security/cve/CVE-2018-6081 https://access.redhat.com/security/cve/CVE-2018-6082 https://access.redhat.com/security/cve/CVE-2018-6083 Read the Full Advisory

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-65.0.3325.146-2.el6_9.i686.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm
x86_64: chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-65.0.3325.146-2.el6_9.i686.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm
x86_64: chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-65.0.3325.146-2.el6_9.i686.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.i686.rpm
x86_64: chromium-browser-65.0.3325.146-2.el6_9.x86_64.rpm chromium-browser-debuginfo-65.0.3325.146-2.el6_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:0484-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0484
Issue date: 2018-03-12

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory update red hat important browser chromium

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

Bugs Fixed

1552476 - CVE-2018-6060 chromium-browser: use-after-free in blink

1552477 - CVE-2018-6061 chromium-browser: race condition in v8

1552478 - CVE-2018-6062 chromium-browser: heap buffer overflow in skia

1552479 - CVE-2018-6057 chromium-browser: incorrect permissions on shared memory

1552480 - CVE-2018-6063 chromium-browser: incorrect permissions on shared memory

1552481 - CVE-2018-6064 chromium-browser: type confusion in v8

1552482 - CVE-2018-6065 chromium-browser: integer overflow in v8

1552483 - CVE-2018-6066 chromium-browser: same origin bypass via canvas

1552484 - CVE-2018-6067 chromium-browser: buffer overflow in skia

1552486 - CVE-2018-6069 chromium-browser: stack buffer overflow in skia

1552487 - CVE-2018-6070 chromium-browser: csp bypass through extensions

1552488 - CVE-2018-6071 chromium-browser: heap bufffer overflow in skia

1552489 - CVE-2018-6072 chromium-browser: integer overflow in pdfium

1552490 - CVE-2018-6073 chromium-browser: heap bufffer overflow in webgl

1552491 - CVE-2018-6074 chromium-browser: mark-of-the-web bypass

1552492 - CVE-2018-6075 chromium-browser: overly permissive cross origin downloads

1552493 - CVE-2018-6076 chromium-browser: incorrect handling of url fragment identifiers in blink

1552494 - CVE-2018-6077 chromium-browser: timing attack using svg filters1552495 - CVE-2018-6078 chromium-browser: url spoof in omnibox

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here