-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: chromium-browser security update
Advisory ID:       RHSA-2019:0309-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0309
Issue date:        2019-02-11
CVE Names:         CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 
                   CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 
                   CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 
                   CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 
                   CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 
                   CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 
                   CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 
                   CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 
                   CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 
                   CVE-2019-5781 CVE-2019-5782 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 72.0.3626.81.

Security Fix(es):

* chromium-browser: Inappropriate implementation in QUIC Networking
(CVE-2019-5754)

* chromium-browser: Inappropriate implementation in V8 (CVE-2019-5755)

* chromium-browser: Use after free in PDFium (CVE-2019-5756)

* chromium-browser: Type Confusion in SVG (CVE-2019-5757)

* chromium-browser: Use after free in Blink (CVE-2019-5758)

* chromium-browser: Use after free in HTML select elements (CVE-2019-5759)

* chromium-browser: Use after free in WebRTC (CVE-2019-5760)

* chromium-browser: Use after free in SwiftShader (CVE-2019-5761)

* chromium-browser: Use after free in PDFium (CVE-2019-5762)

* chromium-browser: Insufficient validation of untrusted input in V8
(CVE-2019-5763)

* chromium-browser: Use after free in WebRTC (CVE-2019-5764)

* chromium-browser: Insufficient policy enforcement in the browser
(CVE-2019-5765)

* chromium-browser: Inappropriate implementation in V8 (CVE-2019-5782)

* chromium-browser: Insufficient policy enforcement in Canvas
(CVE-2019-5766)

* chromium-browser: Incorrect security UI in WebAPKs (CVE-2019-5767)

* chromium-browser: Insufficient policy enforcement in DevTools
(CVE-2019-5768)

* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2019-5769)

* chromium-browser: Heap buffer overflow in WebGL (CVE-2019-5770)

* chromium-browser: Heap buffer overflow in SwiftShader (CVE-2019-5771)

* chromium-browser: Use after free in PDFium (CVE-2019-5772)

* chromium-browser: Insufficient data validation in IndexedDB
(CVE-2019-5773)

* chromium-browser: Insufficient validation of untrusted input in
SafeBrowsing (CVE-2019-5774)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2019-5775)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2019-5776)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2019-5777)

* chromium-browser: Insufficient policy enforcement in Extensions
(CVE-2019-5778)

* chromium-browser: Insufficient policy enforcement in ServiceWorker
(CVE-2019-5779)

* chromium-browser: Insufficient policy enforcement (CVE-2019-5780)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2019-5781)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1670737 - CVE-2019-5754 chromium-browser: Inappropriate implementation in QUIC Networking
1670738 - CVE-2019-5782 chromium-browser: Inappropriate implementation in V8
1670739 - CVE-2019-5755 chromium-browser: Inappropriate implementation in V8
1670740 - CVE-2019-5756 chromium-browser: Use after free in PDFium
1670741 - CVE-2019-5757 chromium-browser: Type Confusion in SVG
1670742 - CVE-2019-5758 chromium-browser: Use after free in Blink
1670743 - CVE-2019-5759 chromium-browser: Use after free in HTML select elements
1670744 - CVE-2019-5760 chromium-browser: Use after free in WebRTC
1670745 - CVE-2019-5761 chromium-browser: Use after free in SwiftShader
1670746 - CVE-2019-5762 chromium-browser: Use after free in PDFium
1670747 - CVE-2019-5763 chromium-browser: Insufficient validation of untrusted input in V8
1670748 - CVE-2019-5764 chromium-browser: Use after free in WebRTC
1670749 - CVE-2019-5765 chromium-browser: Insufficient policy enforcement in the browser
1670750 - CVE-2019-5766 chromium-browser: Insufficient policy enforcement in Canvas
1670751 - CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs
1670752 - CVE-2019-5768 chromium-browser: Insufficient policy enforcement in DevTools
1670753 - CVE-2019-5769 chromium-browser: Insufficient validation of untrusted input in Blink
1670754 - CVE-2019-5770 chromium-browser: Heap buffer overflow in WebGL
1670755 - CVE-2019-5771 chromium-browser: Heap buffer overflow in SwiftShader
1670756 - CVE-2019-5772 chromium-browser: Use after free in PDFium
1670757 - CVE-2019-5773 chromium-browser: Insufficient data validation in IndexedDB
1670758 - CVE-2019-5774 chromium-browser: Insufficient validation of untrusted input in SafeBrowsing
1670759 - CVE-2019-5775 chromium-browser: Insufficient policy enforcement in Omnibox
1670760 - CVE-2019-5776 chromium-browser: Insufficient policy enforcement in Omnibox
1670761 - CVE-2019-5777 chromium-browser: Insufficient policy enforcement in Omnibox
1670762 - CVE-2019-5778 chromium-browser: Insufficient policy enforcement in Extensions
1670763 - CVE-2019-5779 chromium-browser: Insufficient policy enforcement in ServiceWorker
1670764 - CVE-2019-5780 chromium-browser: Insufficient policy enforcement
1670771 - CVE-2019-5781 chromium-browser: Insufficient policy enforcement in Omnibox

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5754
https://access.redhat.com/security/cve/CVE-2019-5755
https://access.redhat.com/security/cve/CVE-2019-5756
https://access.redhat.com/security/cve/CVE-2019-5757
https://access.redhat.com/security/cve/CVE-2019-5758
https://access.redhat.com/security/cve/CVE-2019-5759
https://access.redhat.com/security/cve/CVE-2019-5760
https://access.redhat.com/security/cve/CVE-2019-5761
https://access.redhat.com/security/cve/CVE-2019-5762
https://access.redhat.com/security/cve/CVE-2019-5763
https://access.redhat.com/security/cve/CVE-2019-5764
https://access.redhat.com/security/cve/CVE-2019-5765
https://access.redhat.com/security/cve/CVE-2019-5766
https://access.redhat.com/security/cve/CVE-2019-5767
https://access.redhat.com/security/cve/CVE-2019-5768
https://access.redhat.com/security/cve/CVE-2019-5769
https://access.redhat.com/security/cve/CVE-2019-5770
https://access.redhat.com/security/cve/CVE-2019-5771
https://access.redhat.com/security/cve/CVE-2019-5772
https://access.redhat.com/security/cve/CVE-2019-5773
https://access.redhat.com/security/cve/CVE-2019-5774
https://access.redhat.com/security/cve/CVE-2019-5775
https://access.redhat.com/security/cve/CVE-2019-5776
https://access.redhat.com/security/cve/CVE-2019-5777
https://access.redhat.com/security/cve/CVE-2019-5778
https://access.redhat.com/security/cve/CVE-2019-5779
https://access.redhat.com/security/cve/CVE-2019-5780
https://access.redhat.com/security/cve/CVE-2019-5781
https://access.redhat.com/security/cve/CVE-2019-5782
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXGHADdzjgjWX9erEAQgobA/+NLQCz6yn6c+90AYyWZryZHALs0zpfDS7
ZowZbdjP4mcPNU2XImW3wEh44zZ4yblzB34uWQ5zDKVCWOpv/zJtbycpFWQo1dM+
+fN2SU+9YwnC6ERuWv8OckYOUIjaPN9NOaMwxoCsb20j717kGS/+uTVQkZdZViZn
ShakiQ4G71b/Bb7ZZh8WCiMVNa5ai12SVT7VcvupMLGeRlKVlqwhuyHRDdVjzw6z
Svn3GU/whT89Np3elgPHvsp+CmREGMXpOvTBjcU2Qlnr5MmBrUlQm83fW8D5wyop
HznwTL7lq5APg25L5djhnRuw7J8oN4C0/l04G4mXFgRxhcFod5hCUI986Xqm6WDE
LNmhp8S5TexTxRqt6iUVX+oXtteqpObkakYsE6ySC54y9NvKNsHAChekW5bVBYA6
GZNJJV5AzyEQYu3vLJl9O5MbzeJTvg2qOPVoETmQ5pBSOxQx0vlarAve8Zk2xMO4
44/swuJe9hPa3Zs5iZgnR9HiGUymQYeBfJmkD56gWrUqwS5UbOxOtsTpJXJ5no6q
f7I5RIQiP54RoYtf7+BE6+ebplndPSBnK+sHtqW3hQLJItsabXNzIzyiqWJYbnat
1NbgTrb8wflHI+hlh0tkqbQAALm5yJxVr13tjlvoFuUs3YFk0ATGO/jvRT4RboIn
qULDfEwfZuM=ptcL
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2019-0309:01 Critical: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 72.0.3626.81.
Security Fix(es):
* chromium-browser: Inappropriate implementation in QUIC Networking (CVE-2019-5754)
* chromium-browser: Inappropriate implementation in V8 (CVE-2019-5755)
* chromium-browser: Use after free in PDFium (CVE-2019-5756)
* chromium-browser: Type Confusion in SVG (CVE-2019-5757)
* chromium-browser: Use after free in Blink (CVE-2019-5758)
* chromium-browser: Use after free in HTML select elements (CVE-2019-5759)
* chromium-browser: Use after free in WebRTC (CVE-2019-5760)
* chromium-browser: Use after free in SwiftShader (CVE-2019-5761)
* chromium-browser: Use after free in PDFium (CVE-2019-5762)
* chromium-browser: Insufficient validation of untrusted input in V8 (CVE-2019-5763)
* chromium-browser: Use after free in WebRTC (CVE-2019-5764)
* chromium-browser: Insufficient policy enforcement in the browser (CVE-2019-5765)
* chromium-browser: Inappropriate implementation in V8 (CVE-2019-5782)
* chromium-browser: Insufficient policy enforcement in Canvas (CVE-2019-5766)
* chromium-browser: Incorrect security UI in WebAPKs (CVE-2019-5767)
* chromium-browser: Insufficient policy enforcement in DevTools (CVE-2019-5768)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-5769)
* chromium-browser: Heap buffer overflow in WebGL (CVE-2019-5770)
* chromium-browser: Heap buffer overflow in SwiftShader (CVE-2019-5771)
* chromium-browser: Use after free in PDFium (CVE-2019-5772)
* chromium-browser: Insufficient data validation in IndexedDB (CVE-2019-5773)
* chromium-browser: Insufficient validation of untrusted input in SafeBrowsing (CVE-2019-5774)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-5775)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-5776)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-5777)
* chromium-browser: Insufficient policy enforcement in Extensions (CVE-2019-5778)
* chromium-browser: Insufficient policy enforcement in ServiceWorker (CVE-2019-5779)
* chromium-browser: Insufficient policy enforcement (CVE-2019-5780)
* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-5781)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.

References

https://access.redhat.com/security/cve/CVE-2019-5754 https://access.redhat.com/security/cve/CVE-2019-5755 https://access.redhat.com/security/cve/CVE-2019-5756 https://access.redhat.com/security/cve/CVE-2019-5757 https://access.redhat.com/security/cve/CVE-2019-5758 https://access.redhat.com/security/cve/CVE-2019-5759 https://access.redhat.com/security/cve/CVE-2019-5760 https://access.redhat.com/security/cve/CVE-2019-5761 https://access.redhat.com/security/cve/CVE-2019-5762 https://access.redhat.com/security/cve/CVE-2019-5763 https://access.redhat.com/security/cve/CVE-2019-5764 https://access.redhat.com/security/cve/CVE-2019-5765 https://access.redhat.com/security/cve/CVE-2019-5766 https://access.redhat.com/security/cve/CVE-2019-5767 https://access.redhat.com/security/cve/CVE-2019-5768 https://access.redhat.com/security/cve/CVE-2019-5769 https://access.redhat.com/security/cve/CVE-2019-5770 https://access.redhat.com/security/cve/CVE-2019-5771 https://access.redhat.com/security/cve/CVE-2019-5772 https://access.redhat.com/security/cve/CVE-2019-5773 https://access.redhat.com/security/cve/CVE-2019-5774 https://access.redhat.com/security/cve/CVE-2019-5775 https://access.redhat.com/security/cve/CVE-2019-5776 https://access.redhat.com/security/cve/CVE-2019-5777 https://access.redhat.com/security/cve/CVE-2019-5778 https://access.redhat.com/security/cve/CVE-2019-5779 https://access.redhat.com/security/cve/CVE-2019-5780 https://access.redhat.com/security/cve/CVE-2019-5781 https://access.redhat.com/security/cve/CVE-2019-5782 https://access.redhat.com/security/updates/classification/#critical

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-72.0.3626.81-1.el6_10.i686.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm
x86_64: chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-72.0.3626.81-1.el6_10.i686.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm
x86_64: chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-72.0.3626.81-1.el6_10.i686.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.i686.rpm
x86_64: chromium-browser-72.0.3626.81-1.el6_10.x86_64.rpm chromium-browser-debuginfo-72.0.3626.81-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2019:0309-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0309
Issued Date: : 2019-02-11
CVE Names: CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64


Bugs Fixed

1670737 - CVE-2019-5754 chromium-browser: Inappropriate implementation in QUIC Networking

1670738 - CVE-2019-5782 chromium-browser: Inappropriate implementation in V8

1670739 - CVE-2019-5755 chromium-browser: Inappropriate implementation in V8

1670740 - CVE-2019-5756 chromium-browser: Use after free in PDFium

1670741 - CVE-2019-5757 chromium-browser: Type Confusion in SVG

1670742 - CVE-2019-5758 chromium-browser: Use after free in Blink

1670743 - CVE-2019-5759 chromium-browser: Use after free in HTML select elements

1670744 - CVE-2019-5760 chromium-browser: Use after free in WebRTC

1670745 - CVE-2019-5761 chromium-browser: Use after free in SwiftShader

1670746 - CVE-2019-5762 chromium-browser: Use after free in PDFium

1670747 - CVE-2019-5763 chromium-browser: Insufficient validation of untrusted input in V8

1670748 - CVE-2019-5764 chromium-browser: Use after free in WebRTC

1670749 - CVE-2019-5765 chromium-browser: Insufficient policy enforcement in the browser

1670750 - CVE-2019-5766 chromium-browser: Insufficient policy enforcement in Canvas

1670751 - CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs

1670752 - CVE-2019-5768 chromium-browser: Insufficient policy enforcement in DevTools

1670753 - CVE-2019-5769 chromium-browser: Insufficient validation of untrusted input in Blink

1670754 - CVE-2019-5770 chromium-browser: Heap buffer overflow in WebGL

1670755 - CVE-2019-5771 chromium-browser: Heap buffer overflow in SwiftShader

1670756 - CVE-2019-5772 chromium-browser: Use after free in PDFium

1670757 - CVE-2019-5773 chromium-browser: Insufficient data validation in IndexedDB

1670758 - CVE-2019-5774 chromium-browser: Insufficient validation of untrusted input in SafeBrowsing

1670759 - CVE-2019-5775 chromium-browser: Insufficient policy enforcement in Omnibox

1670760 - CVE-2019-5776 chromium-browser: Insufficient policy enforcement in Omnibox

1670761 - CVE-2019-5777 chromium-browser: Insufficient policy enforcement in Omnibox

1670762 - CVE-2019-5778 chromium-browser: Insufficient policy enforcement in Extensions

1670763 - CVE-2019-5779 chromium-browser: Insufficient policy enforcement in ServiceWorker

1670764 - CVE-2019-5780 chromium-browser: Insufficient policy enforcement

1670771 - CVE-2019-5781 chromium-browser: Insufficient policy enforcement in Omnibox


Related News

2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved