Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

RedHat: RHSA-2023-4820-01 Critical: Firefox Browser Security Patch

red hat
Calendar Grey September 10, 2020
Dist Redhat Esm H88
A critical patch has been released for Chromium in Red Hat Enterprise Linux 6. Keep your system updated to maintain optimal security.
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 85.0.4183.83.
Security Fix(es):
* chromium-browser: Use after free in presentation API (CVE-2020-6559)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6571)
* chromium-browser: Insufficient policy enforcement in autofill (CVE-2020-6560)
* chromium-browser: Inappropriate implementation in Content Security Policy (CVE-2020-6561)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6562)
* chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6563)
* chromium-browser: Incorrect security UI in permissions (CVE-2020-6564)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6565)
* chromium-browser: Insufficient policy enforcement in media (CVE-2020-6566)
* chromium-browser: Insufficient validation of untrusted input in command line handling (CVE-2020-6567)
* chromium-browser: Insufficient policy enforcement in intent handling (CVE-2020-6568)
* chromium-browser: Integer overflow in WebUSB (CVE-2020-6569)
* chromium-browser: Side-channel information leakage in WebRTC (CVE-2020-6570)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory red hat software update important chromium-browser

References

https://access.redhat.com/security/cve/CVE-2020-6559 https://access.redhat.com/security/cve/CVE-2020-6560 https://access.redhat.com/security/cve/CVE-2020-6561 https://access.redhat.com/security/cve/CVE-2020-6562 https://access.redhat.com/security/cve/CVE-2020-6563 https://access.redhat.com/security/cve/CVE-2020-6564 https://access.redhat.com/security/cve/CVE-2020-6565 https://access.redhat.com/security/cve/CVE-2020-6566 https://access.redhat.com/security/cve/CVE-2020-6567 https://access.redhat.com/security/cve/CVE-2020-6568 https://access.redhat.com/security/cve/CVE-2020-6569 https://access.redhat.com/security/cve/CVE-2020-6570 https://access.redhat.com/security/cve/CVE-2020-6571 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64: chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64: chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
x86_64: chromium-browser-85.0.4183.83-1.el6_10.x86_64.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-85.0.4183.83-1.el6_10.i686.rpm chromium-browser-debuginfo-85.0.4183.83-1.el6_10.i686.rpm
i686:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:3723-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3723
Issue date: 2020-09-10

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory red hat software update important chromium-browser

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

Bugs Fixed

1872945 - CVE-2020-6559 chromium-browser: Use after free in presentation API

1872946 - CVE-2020-6560 chromium-browser: Insufficient policy enforcement in autofill

1872947 - CVE-2020-6561 chromium-browser: Inappropriate implementation in Content Security Policy

1872948 - CVE-2020-6562 chromium-browser: Insufficient policy enforcement in Blink

1872949 - CVE-2020-6563 chromium-browser: Insufficient policy enforcement in intent handling

1872950 - CVE-2020-6564 chromium-browser: Incorrect security UI in permissions

1872951 - CVE-2020-6565 chromium-browser: Incorrect security UI in Omnibox

1872952 - CVE-2020-6566 chromium-browser: Insufficient policy enforcement in media

1872953 - CVE-2020-6567 chromium-browser: Insufficient validation of untrusted input in command line handling

1872955 - CVE-2020-6568 chromium-browser: Insufficient policy enforcement in intent handling

1872956 - CVE-2020-6569 chromium-browser: Integer overflow in WebUSB

1872957 - CVE-2020-6570 chromium-browser: Side-channel information leakage in WebRTC

1872958 - CVE-2020-6571 chromium-browser: Incorrect security UI in Omnibox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here