Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Important Security Update for chromium-browser in RHEL 6: RHSA-2019-2427-01

red hat
Calendar Grey August 12, 2019
Dist Redhat Esm H88
Ubuntu has issued a critical security announcement for the firefox-browser upgrade, tackling numerous significant vulnerabilities.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 76.0.3809.87.
Security Fix(es):
* chromium-browser: Use-after-free in offline page fetcher (CVE-2019-5850)
* chromium-browser: Use-after-poison in offline audio context (CVE-2019-5851)
* chromium-browser: Memory corruption in regexp length check (CVE-2019-5853)
* chromium-browser: res: URIs can load alternative browsers (CVE-2019-5859)
* chromium-browser: Use-after-free in PDFium (CVE-2019-5860)
* chromium-browser: Integer overflow in PDFium (CVE-2019-5855)
* chromium-browser: Insufficient checks on filesystem: URI permissions (CVE-2019-5856)
* chromium-browser: Site isolation bypass from compromised renderer (CVE-2019-5865)
* chromium-browser: Object leak of utility functions (CVE-2019-5852)
* chromium-browser: Integer overflow in PDFium text rendering (CVE-2019-5854)
* chromium-browser: Comparison of -0 and null yields crash (CVE-2019-5857)
* chromium-browser: Insufficient filtering of Open URL service parameters(CVE-2019-5858)
* chromium-browser: Click location incorrectly checked (CVE-2019-5861)
* chromium-browser: AppCache not robust to compromised renderers(CVE-2019-5862)
* chromium-browser: Insufficient port filtering in CORS for extensions (CVE-2019-5864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2019-5850 https://access.redhat.com/security/cve/CVE-2019-5851 https://access.redhat.com/security/cve/CVE-2019-5852 https://access.redhat.com/security/cve/CVE-2019-5853 https://access.redhat.com/security/cve/CVE-2019-5854 https://access.redhat.com/security/cve/CVE-2019-5855 https://access.redhat.com/security/cve/CVE-2019-5856 https://access.redhat.com/security/cve/CVE-2019-5857 https://access.redhat.com/security/cve/CVE-2019-5858 https://access.redhat.com/security/cve/CVE-2019-5859 https://access.redhat.com/security/cve/CVE-2019-5860 https://access.redhat.com/security/cve/CVE-2019-5861 https://access.redhat.com/security/cve/CVE-2019-5862 https://access.redhat.com/security/cve/CVE-2019-5864 https://access.redhat.com/security/cve/CVE-2019-5865 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64: chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64: chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
x86_64: chromium-browser-76.0.3809.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-76.0.3809.87-1.el6_10.i686.rpm chromium-browser-debuginfo-76.0.3809.87-1.el6_10.i686.rpm
i686:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:2427-01
Product: Red Hat Enterprise Linux Supplementary
Issue date: 2019-08-12

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

Bugs Fixed

1735496 - CVE-2019-5852 chromium-browser: Object leak of utility functions

1737721 - CVE-2019-5850 chromium-browser: Use-after-free in offline page fetcher

1737722 - CVE-2019-5860 chromium-browser: Use-after-free in PDFium

1737723 - CVE-2019-5853 chromium-browser: Memory corruption in regexp length check

1737724 - CVE-2019-5851 chromium-browser: Use-after-poison in offline audio context

1737725 - CVE-2019-5859 chromium-browser: res: URIs can load alternative browsers1737727 - CVE-2019-5856 chromium-browser: Insufficient checks on filesystem: URI permissions

1737729 - CVE-2019-5855 chromium-browser: Integer overflow in PDFium

1737730 - CVE-2019-5865 chromium-browser: Site isolation bypass from compromised renderer

1737731 - CVE-2019-5858 chromium-browser: Insufficient filtering of Open URL service parameters1737732 - CVE-2019-5864 chromium-browser: Insufficient port filtering in CORS for extensions

1737733 - CVE-2019-5862 chromium-browser: AppCache not robust to compromised renderers1737734 - CVE-2019-5861 chromium-browser: Click location incorrectly checked

1737735 - CVE-2019-5857 chromium-browser: Comparison of -0 and null yields crash

1737736 - CVE-2019-5854 chromium-browser: Integer overflow in PDFium text rendering

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.