====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2018:3004-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3004
Issue date: 2018-10-24
CVE Names: CVE-2018-5179 CVE-2018-16435 CVE-2018-17462
CVE-2018-17463 CVE-2018-17464 CVE-2018-17465
CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
CVE-2018-17469 CVE-2018-17470 CVE-2018-17471
CVE-2018-17473 CVE-2018-17474 CVE-2018-17475
CVE-2018-17476 CVE-2018-17477
====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 70.0.3538.67.
Security Fix(es):
* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)
* chromium-browser: Remote code execution in V8 (CVE-2018-17463)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)
* chromium-browser: Use after free in V8 (CVE-2018-17465)
* chromium-browser: Memory corruption in Angle (CVE-2018-17466)
* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to
heap-based buffer overflow (CVE-2018-16435)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)
* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)
* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)
* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17471)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)
* chromium-browser: Use after free in Blink (CVE-2018-17474)
* chromium-browser: Lack of limits on update() in ServiceWorker
(CVE-2018-5179)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)
* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17476)
* chromium-browser: UI spoof in Extensions (CVE-2018-17477)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1628969 - CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle
1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in Blink
1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals
1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode
1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full screen mode
1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in ServiceWorker
1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
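Added here as a worked check for sections 4 and 6 (not Red Hat's own tooling): given the default `rpm -q chromium-browser chromium-browser-debuginfo` output of an RHEL 6 host, it compares each installed NVR against the fixed versions listed above using RPM's segment-wise version ordering. It assumes the simplified rpmvercmp below (no tilde/caret handling, which these NVRs do not use); the sample rpm output is constructed.

```python
import re

# Fixed (version, release) pairs taken from section 6 of RHSA-2018:3004.
FIXED_EVR = {
    "chromium-browser": ("70.0.3538.67", "1.el6_10"),
    "chromium-browser-debuginfo": ("70.0.3538.67", "1.el6_10"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")  # rpm compares alnum runs, ignores separators


def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no ~ or ^ markers). -1 if a<b, 0, or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0") or "0", y.lstrip("0") or "0"
            if len(x) != len(y):              # more digits means a larger number
                return -1 if len(x) < len(y) else 1
        elif x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x != y:                            # same kind and length: plain lexical order
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1   # the string with segments left is newer


def parse_nvra(nvra):
    """Split 'name-version-release.arch'; the name itself may contain '-'."""
    stem, arch = nvra.rsplit(".", 1)
    name, version, release = stem.rsplit("-", 2)
    return name, version, release, arch


def needs_update(nvra):
    """True if this installed package is older than the build fixed by the advisory."""
    name, version, release, _ = parse_nvra(nvra)
    if name not in FIXED_EVR:
        return False                          # not a package this advisory covers
    fixed_version, fixed_release = FIXED_EVR[name]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0


def vulnerable_packages(rpm_q_output):
    """Names from `rpm -q` output that are still at a pre-advisory version."""
    hits = []
    for line in rpm_q_output.splitlines():
        line = line.strip()
        if not line or line.startswith("package "):   # 'package X is not installed'
            continue
        if needs_update(line):
            hits.append(parse_nvra(line)[0])
    return hits


# Constructed sample: a host still on an older Chromium build, debuginfo absent.
SAMPLE_RPM_Q_OUTPUT = """chromium-browser-69.0.3497.100-1.el6_10.x86_64
package chromium-browser-debuginfo is not installed
"""
```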
7. References:
https://access.redhat.com/security/cve/CVE-2018-5179
https://access.redhat.com/security/cve/CVE-2018-16435
https://access.redhat.com/security/cve/CVE-2018-17462
https://access.redhat.com/security/cve/CVE-2018-17463
https://access.redhat.com/security/cve/CVE-2018-17464
https://access.redhat.com/security/cve/CVE-2018-17465
https://access.redhat.com/security/cve/CVE-2018-17466
https://access.redhat.com/security/cve/CVE-2018-17467
https://access.redhat.com/security/cve/CVE-2018-17468
https://access.redhat.com/security/cve/CVE-2018-17469
https://access.redhat.com/security/cve/CVE-2018-17470
https://access.redhat.com/security/cve/CVE-2018-17471
https://access.redhat.com/security/cve/CVE-2018-17473
https://access.redhat.com/security/cve/CVE-2018-17474
https://access.redhat.com/security/cve/CVE-2018-17475
https://access.redhat.com/security/cve/CVE-2018-17476
https://access.redhat.com/security/cve/CVE-2018-17477
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
--
RHSA-announce mailing list