-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:3004-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3004
Issue date:        2018-10-24
CVE Names:         CVE-2018-5179 CVE-2018-16435 CVE-2018-17462 
                   CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 
                   CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 
                   CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 
                   CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 
                   CVE-2018-17476 CVE-2018-17477 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 70.0.3538.67.

Security Fix(es):

* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)

* chromium-browser: Remote code execution in V8 (CVE-2018-17463)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)

* chromium-browser: Use after free in V8 (CVE-2018-17465)

* chromium-browser: Memory corruption in Angle (CVE-2018-17466)

* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to
heap-based buffer overflow (CVE-2018-16435)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)

* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)

* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)

* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17471)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)

* chromium-browser: Use after free in Blink (CVE-2018-17474)

* chromium-browser: Lack of limits on update() in ServiceWorker
(CVE-2018-5179)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17476)

* chromium-browser: UI spoof in Extensions (CVE-2018-17477)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1628969 - CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle
1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in Blink
1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals
1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode
1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full screen mode
1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in ServiceWorker
1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
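Added here as a worked example for the Solution section and the GPG-signing note above; it is not code from the advisory or from Red Hat. It compares the chromium-browser build reported by `rpm -q` against the fixed build 70.0.3538.67-1.el6_10 from the package list, and wraps `rpm -K` for checking the signature of a downloaded package before installation. The `vercmp` function is a simplified stand-in for rpm's rpmvercmp (numeric segments compared as integers, other segments as strings), which is sufficient for the version and release strings this advisory ships; the function names and the sample NVRA strings are my own.

```shell
#!/bin/sh
# Added example (not part of RHSA-2018:3004): is the installed chromium-browser
# at or above the fixed build named in the advisory's package list?
FIXED_VERSION="70.0.3538.67"
FIXED_RELEASE="1.el6_10"
PACKAGE="chromium-browser"

# Compare two dotted version strings segment by segment and print -1, 0 or 1.
# Simplified stand-in for rpm's rpmvercmp(): expr compares two integers
# numerically and anything else as strings; missing segments count as 0.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"
    case "$a" in *.*) a="${a#*.}";; *) a="";; esac
    case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    ah="${ah:-0}"; bh="${bh:-0}"
    if [ "$(expr "$ah" \< "$bh" || :)" = 1 ]; then echo "-1"; return; fi
    if [ "$(expr "$ah" \> "$bh" || :)" = 1 ]; then echo "1"; return; fi
  done
  echo "0"
}

# Takes an NVRA string as printed by `rpm -q chromium-browser`, e.g.
# chromium-browser-70.0.3538.67-1.el6_10.x86_64 (constructed sample).
# Returns 0 if it is the fixed build or newer, 1 if older, 2 if it is not
# the chromium-browser package at all.
is_fixed_nvra() {
  nvra="$1"
  nvr="${nvra%.*}"          # drop the trailing .arch
  release="${nvr##*-}"      # text after the last dash: 1.el6_10
  nv="${nvr%-*}"            # name-version
  version="${nv##*-}"       # 70.0.3538.67
  name="${nv%-*}"           # chromium-browser
  [ "$name" = "$PACKAGE" ] || return 2
  case "$(vercmp "$version" "$FIXED_VERSION")" in
    1)  return 0 ;;
    -1) return 1 ;;
  esac
  # Same upstream version: the release field decides.
  [ "$(vercmp "$release" "$FIXED_RELEASE")" != "-1" ]
}

# Query the local rpm database; only meaningful on an RHEL 6 host.
check_host() {
  installed="$(rpm -q "$PACKAGE" 2>/dev/null)" || {
    echo "$PACKAGE is not installed"; return 2; }
  if is_fixed_nvra "$installed"; then
    echo "OK: $installed is at or above $PACKAGE-$FIXED_VERSION-$FIXED_RELEASE"
  else
    echo "NOT FIXED: $installed is older than $PACKAGE-$FIXED_VERSION-$FIXED_RELEASE (RHSA-2018:3004)"
    return 1
  fi
}

# Check the Red Hat GPG signature on a downloaded .rpm before installing it;
# rpm -K exits non-zero when the signature is missing or does not verify.
verify_signature() {
  rpm -K "$1"
}

if [ "${1:-}" = "--check" ]; then
  check_host
fi
```

Run with `sh check-chromium.sh --check` on the host; the script exits 0 only when the installed build is the fixed one or newer, so it can be dropped into a fleet-wide compliance sweep. Remember that the advisory also requires Chromium to be restarted after the update, which a package-version check cannot observe.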

7. References:

https://access.redhat.com/security/cve/CVE-2018-5179
https://access.redhat.com/security/cve/CVE-2018-16435
https://access.redhat.com/security/cve/CVE-2018-17462
https://access.redhat.com/security/cve/CVE-2018-17463
https://access.redhat.com/security/cve/CVE-2018-17464
https://access.redhat.com/security/cve/CVE-2018-17465
https://access.redhat.com/security/cve/CVE-2018-17466
https://access.redhat.com/security/cve/CVE-2018-17467
https://access.redhat.com/security/cve/CVE-2018-17468
https://access.redhat.com/security/cve/CVE-2018-17469
https://access.redhat.com/security/cve/CVE-2018-17470
https://access.redhat.com/security/cve/CVE-2018-17471
https://access.redhat.com/security/cve/CVE-2018-17473
https://access.redhat.com/security/cve/CVE-2018-17474
https://access.redhat.com/security/cve/CVE-2018-17475
https://access.redhat.com/security/cve/CVE-2018-17476
https://access.redhat.com/security/cve/CVE-2018-17477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
