RedHat: RHSA-2020-0514:01 Important: chromium-browser security update

    Date: 16 Feb 2020
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: chromium-browser security update
    Advisory ID:       RHSA-2020:0514-01
    Product:           Red Hat Enterprise Linux Supplementary
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0514
    Issue date:        2020-02-17
    CVE Names:         CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 
                       CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 
                       CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 
                       CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 
                       CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 
                       CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 
                       CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 
                       CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 
                       CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 
                       CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 
                       CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 
                       CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 
                       CVE-2020-6416 CVE-2020-6417 
    =====================================================================
    
    1. Summary:
    
    An update for chromium-browser is now available for Red Hat Enterprise
    Linux 6 Supplementary.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
    Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
    Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
    Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
    
    3. Description:
    
    Chromium is an open-source web browser, powered by WebKit (Blink).
    
    This update upgrades Chromium to version 80.0.3987.87.
    
    Security Fix(es):
    
    * chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
    
    * chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
    
    * chromium-browser: Insufficient policy enforcement in storage
    (CVE-2020-6385)
    
    * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
    
    * chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)
    
    * chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
    
    * chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)
    
    * libxslt: use after free in xsltCopyText in transform.c could lead to
    information disclosure (CVE-2019-18197)
    
    * sqlite: invalid pointer dereference in exprListAppendList in window.c
    (CVE-2019-19880)
    
    * sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
    JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
    (CVE-2019-19923)
    
    * sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
    during an update of a ZIP archive (CVE-2019-19925)
    
    * sqlite: error mishandling because of incomplete fix of CVE-2019-19880
    (CVE-2019-19926)
    
    * chromium-browser: Insufficient validation of untrusted input in Blink
    (CVE-2020-6391)
    
    * chromium-browser: Insufficient policy enforcement in extensions
    (CVE-2020-6392)
    
    * chromium-browser: Insufficient policy enforcement in Blink
    (CVE-2020-6393)
    
    * chromium-browser: Insufficient policy enforcement in Blink
    (CVE-2020-6394)
    
    * chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
    
    * chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)
    
    * chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
    
    * chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
    
    * chromium-browser: Insufficient policy enforcement in AppCache
    (CVE-2020-6399)
    
    * chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)
    
    * chromium-browser: Insufficient validation of untrusted input in Omnibox
    (CVE-2020-6401)
    
    * chromium-browser: Insufficient policy enforcement in downloads
    (CVE-2020-6402)
    
    * chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
    
    * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)
    
    * sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
    
    * chromium-browser: Use after free in audio (CVE-2020-6406)
    
    * chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)
    
    * chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)
    
    * chromium-browser: Insufficient policy enforcement in navigation
    (CVE-2020-6410)
    
    * chromium-browser: Insufficient validation of untrusted input in Omnibox
    (CVE-2020-6411)
    
    * chromium-browser: Insufficient validation of untrusted input in Omnibox
    (CVE-2020-6412)
    
    * chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)
    
    * chromium-browser: Insufficient policy enforcement in Safe Browsing
    (CVE-2020-6414)
    
    * chromium-browser: Inappropriate implementation in JavaScript
    (CVE-2020-6415)
    
    * chromium-browser: Insufficient data validation in streams (CVE-2020-6416)
    
    * chromium-browser: Inappropriate implementation in installer
    (CVE-2020-6417)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    After installing the update, Chromium must be restarted for the changes to
    take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
    1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
    1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
    1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
    1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
    1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
    1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
    1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
    1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
    1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
    1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
    1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
    1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
    1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
    1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
    1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
    1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
    1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
    1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
    1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
    1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
    1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
    1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
    1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
    1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
    1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
    1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
    1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
    1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
    1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
    1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
    1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
    1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
    1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
    1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
    1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
    1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
    1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer
    
    6. Package List:
    
    Red Hat Enterprise Linux Desktop Supplementary (v. 6):
    
    i386:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    i686:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    x86_64:
    chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
    
    Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
    
    i686:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    x86_64:
    chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
    
    Red Hat Enterprise Linux Server Supplementary (v. 6):
    
    i386:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    i686:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    x86_64:
    chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation Supplementary (v. 6):
    
    i386:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    i686:
    chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
    
    x86_64:
    chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
    chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-18197
    https://access.redhat.com/security/cve/CVE-2019-19880
    https://access.redhat.com/security/cve/CVE-2019-19923
    https://access.redhat.com/security/cve/CVE-2019-19925
    https://access.redhat.com/security/cve/CVE-2019-19926
    https://access.redhat.com/security/cve/CVE-2020-6381
    https://access.redhat.com/security/cve/CVE-2020-6382
    https://access.redhat.com/security/cve/CVE-2020-6385
    https://access.redhat.com/security/cve/CVE-2020-6387
    https://access.redhat.com/security/cve/CVE-2020-6388
    https://access.redhat.com/security/cve/CVE-2020-6389
    https://access.redhat.com/security/cve/CVE-2020-6390
    https://access.redhat.com/security/cve/CVE-2020-6391
    https://access.redhat.com/security/cve/CVE-2020-6392
    https://access.redhat.com/security/cve/CVE-2020-6393
    https://access.redhat.com/security/cve/CVE-2020-6394
    https://access.redhat.com/security/cve/CVE-2020-6395
    https://access.redhat.com/security/cve/CVE-2020-6396
    https://access.redhat.com/security/cve/CVE-2020-6397
    https://access.redhat.com/security/cve/CVE-2020-6398
    https://access.redhat.com/security/cve/CVE-2020-6399
    https://access.redhat.com/security/cve/CVE-2020-6400
    https://access.redhat.com/security/cve/CVE-2020-6401
    https://access.redhat.com/security/cve/CVE-2020-6402
    https://access.redhat.com/security/cve/CVE-2020-6403
    https://access.redhat.com/security/cve/CVE-2020-6404
    https://access.redhat.com/security/cve/CVE-2020-6405
    https://access.redhat.com/security/cve/CVE-2020-6406
    https://access.redhat.com/security/cve/CVE-2020-6408
    https://access.redhat.com/security/cve/CVE-2020-6409
    https://access.redhat.com/security/cve/CVE-2020-6410
    https://access.redhat.com/security/cve/CVE-2020-6411
    https://access.redhat.com/security/cve/CVE-2020-6412
    https://access.redhat.com/security/cve/CVE-2020-6413
    https://access.redhat.com/security/cve/CVE-2020-6414
    https://access.redhat.com/security/cve/CVE-2020-6415
    https://access.redhat.com/security/cve/CVE-2020-6416
    https://access.redhat.com/security/cve/CVE-2020-6417
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
