-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:1933-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1933
Issue date:        2018-06-19
CVE Names:         CVE-2018-6149 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 67.0.3396.87.

Security Fix(es):

* chromium-browser: Out of bounds write in V8 (CVE-2018-6149)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1590681 - CVE-2018-6149 chromium-browser: Out of bounds write in V8

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-6149
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWyiCedzjgjWX9erEAQgMEQ/9HKBytViRaL2F1+q+4IKdCIJMqjPb3wXB
IpHXhnvwO0sV3S+nrO35tu05DMB2J8QYhtYYOGjz8aGgUyA/B+4fr1jOQkTt486F
pyGirAyJwYUxzFwix+jOySErN+v7EGxK3z+WfHO+xz6ywAj1toZTDhVpenFntwig
gzcoYEH29iYNWQlEogoOUkj1RgaJ7gCH4Kn+nDC7s9DjcQN/Nv673lWA3Zjw1Zgr
x9dX6OnRQKUFynXNQYpJpNPXfKuLddznsrmWxHq728nwwL3kGF9pNWE5AOMGN2dE
4SVd4N07oLXMxowowCcWJFiptCWBZ0sEWCfMNEXXtcUDQZNF+7A4mtmQvzyY75Aw
ypniz7XwvErg8xpUM1Fu06IqGBFXZ95k4mRiKTy1JKJtv2ZDWy3zM6hYmI3Wq2Ry
RkZl1kHKNDq3B5s/hiVlgB4McUWxK8rQKDGHdkGIszugncIO1d1oBbSZjoHPHPEQ
s107Y3y7yXzqq/CcUylUN94i5WRwRr2ZAuV81qiP7HwB749IE49a47S2KD6f24Oo
PvnntGOVReOhTC9adeyUU0y+a5xPOQcMbwwEoFAsnAxLOiht8spnX9VQgdUCOWy9
PPRiKe0EjxtN2hIzzoC7b/Fvx6Cpfv3fK6rXRKM4Z9hH1oowsdR9Vyu9f71Sf+lK
syPdOH3XqlU=S1jR
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-1933:01 Important: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 67.0.3396.87.
Security Fix(es):
* chromium-browser: Out of bounds write in V8 (CVE-2018-6149)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.

References

https://access.redhat.com/security/cve/CVE-2018-6149 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-67.0.3396.87-1.el6_10.i686.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm
x86_64: chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i386: chromium-browser-67.0.3396.87-1.el6_10.i686.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm
x86_64: chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-67.0.3396.87-1.el6_10.i686.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm
x86_64: chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-67.0.3396.87-1.el6_10.i686.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.i686.rpm
x86_64: chromium-browser-67.0.3396.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-67.0.3396.87-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2018:1933-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1933
Issued Date: : 2018-06-19
CVE Names: CVE-2018-6149

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64


Bugs Fixed

1590681 - CVE-2018-6149 chromium-browser: Out of bounds write in V8


Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved