-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2719
                Important: chromium-browser security update
                              12 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-16088 CVE-2018-16087 CVE-2018-16086
                   CVE-2018-16085 CVE-2018-16084 CVE-2018-16083
                   CVE-2018-16082 CVE-2018-16081 CVE-2018-16080
                   CVE-2018-16079 CVE-2018-16078 CVE-2018-16077
                   CVE-2018-16076 CVE-2018-16075 CVE-2018-16074
                   CVE-2018-16073 CVE-2018-16071 CVE-2018-16070
                   CVE-2018-16069 CVE-2018-16068 CVE-2018-16067
                   CVE-2018-16066 CVE-2018-16065
Reference:         ASB-2018.0210
                   ESB-2018.2682

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2018:2666

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:2666-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2666
Issue date:        2018-09-10
CVE Names:         CVE-2018-16065 CVE-2018-16066 CVE-2018-16067
                   CVE-2018-16068 CVE-2018-16069 CVE-2018-16070
                   CVE-2018-16071 CVE-2018-16073 CVE-2018-16074
                   CVE-2018-16075 CVE-2018-16076 CVE-2018-16077
                   CVE-2018-16078 CVE-2018-16079 CVE-2018-16080
                   CVE-2018-16081 CVE-2018-16082 CVE-2018-16083
                   CVE-2018-16084 CVE-2018-16085 CVE-2018-16086
                   CVE-2018-16087 CVE-2018-16088
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 69.0.3497.81.

Security Fix(es):

* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)
* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)
* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)
* chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)
* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)
* chromium-browser: Integer overflow in Skia (CVE-2018-16070)
* chromium-browser: Use after free in WebRTC (CVE-2018-16071)
* chromium-browser: Site Isolation bypass after tab restore (CVE-2018-16073)
* chromium-browser: Site Isolation bypass using Blob URLS (CVE-2018-16074)
* chromium-browser: Local file access in Blink (CVE-2018-16075)
* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)
* chromium-browser: Content security policy bypass in Blink (CVE-2018-16077)
* chromium-browser: Credit card information leak in Autofill (CVE-2018-16078)
* chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)
* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)
* chromium-browser: Local file access in DevTools (CVE-2018-16081)
* chromium-browser: Stack buffer overflow in SwiftShader (CVE-2018-16082)
* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)
* chromium-browser: User confirmation bypass in external protocol handling (CVE-2018-16084)
* chromium-browser: Use after free in Memory Instrumentation (CVE-2018-16085)
* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)
* chromium-browser: Multiple download restriction bypass (CVE-2018-16087)
* chromium-browser: User gesture requirement bypass (CVE-2018-16088)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8
1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink
1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio
1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo
1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in SwiftShader
1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia
1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC
1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab restore
1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob URLS
1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink
1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium
1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in Blink
1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in Autofill
1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs
1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode
1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools
1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in SwiftShader
1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC
1625487 - CVE-2018-16084 chromium-browser: User confirmation bypass in external protocol handling
1625488 - CVE-2018-16085 chromium-browser: Use after free in Memory Instrumentation
1626286 - CVE-2018-16088 chromium-browser: User gesture requirement bypass
1626287 - CVE-2018-16087 chromium-browser: Multiple download restriction bypass
1626288 - CVE-2018-16086 chromium-browser: Script injection in New Tab Page

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16065
https://access.redhat.com/security/cve/CVE-2018-16066
https://access.redhat.com/security/cve/CVE-2018-16067
https://access.redhat.com/security/cve/CVE-2018-16068
https://access.redhat.com/security/cve/CVE-2018-16069
https://access.redhat.com/security/cve/CVE-2018-16070
https://access.redhat.com/security/cve/CVE-2018-16071
https://access.redhat.com/security/cve/CVE-2018-16073
https://access.redhat.com/security/cve/CVE-2018-16074
https://access.redhat.com/security/cve/CVE-2018-16075
https://access.redhat.com/security/cve/CVE-2018-16076
https://access.redhat.com/security/cve/CVE-2018-16077
https://access.redhat.com/security/cve/CVE-2018-16078
https://access.redhat.com/security/cve/CVE-2018-16079
https://access.redhat.com/security/cve/CVE-2018-16080
https://access.redhat.com/security/cve/CVE-2018-16081
https://access.redhat.com/security/cve/CVE-2018-16082
https://access.redhat.com/security/cve/CVE-2018-16083
https://access.redhat.com/security/cve/CVE-2018-16084
https://access.redhat.com/security/cve/CVE-2018-16085
https://access.redhat.com/security/cve/CVE-2018-16086
https://access.redhat.com/security/cve/CVE-2018-16087
https://access.redhat.com/security/cve/CVE-2018-16088
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW5bioNzjgjWX9erEAQizow//brLYe8NF07UKL+CRDDTAz57gEvWDgp00
+DdBBWiax8Ki5sZ824r7T9vKyE5nNccio9fNHpML5/OZEB3XULsacIlVBVH+Rcvd
UseY/TYidadmwxYSppkAxxqrHFqiVeFq1Dc0TsYeUwJzWp6Au05zt+Tp51ihHPOi
HQgkJ402MJ39T7S0RIWiWR07zuW2u6SR461zuLw19FKGPi1gfH3GkGHYAUXHoabq
xRGGkbwlKefudrs2mRC1AjHpNEYf3Xv7eq7L/6q9n1gGERJv1ptbrPmPjI3/thoC
uENRcAoURwYoD/AmJyan/Aw3y/LrwepY7I4GFlhV+nP61pVk55V/i4FQl7mpsKui
mN746lmAgBJdaJRX6VYJu4Ac3a+Z9w/mv1WAMIVNMwpx68UAuSDo/Cg3PwyHhw1v
vd1U2XyaZEG2ZIi/w/3eKNjmYRgcaAEtWh7RX/9ylTh2VkpdtgtUWiZkAMJUMylI
swnEnSbjgk8NNcmHQ+NWs3kAWrhgFhAnZJfRNdR72WhzokJqLGUb5Qo4AjAMzSJz
NG8KQ26A6gA7aWYyHHB/zEukrH69Ww0X508DlzH5xNF43ozUGrU6NzwpYQ4y7mXR
z3S+HOO605VdY2d/zSgICwTXKJEYAoTfQ1tUigx4zjyHkDCO4ap7grBGes3Tfza9
Kms3TPiA6B4=
=y9ZF
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW5i0qmaOgq3Tt24GAQiENBAAhvs77X18CZctNjYL25HHTPL8Hp28g6eQ
oyDJbFFTNOVi9mU1dZ29R8CKOaX6cHfh/suKVLX0qC18PpwZsiCC+Mvn9enJbnVg
IuStLH4z7f1D/w7Ivlc/dhHv+bRN/6oRXRh4/Rkr/9my3014uxNZjAcd0A/jBPq+
3emFXoqgucSZVLjYdfigJTWAafLX/C2UnbosJo/DMjaX/j4jawEcuv5YdfssegxY
jUmE+vUYAHOqFA/HvSFyw93GJvTC6k7A3UQSVt/3X6sW7F5liQIpRzaNLi7c0P0Y
h4d0SNkGAp63OeoauyxmlZMvbgiZTheG/8q/8HqUL5br22tA37wHDk9crfs30lwU
RvGymIgu3nGeU7bIIYcqTpFzR7v0oFcJ4hhFNxBWzHULSdB/P5K44NusqrZErpLD
y7u37hzuSgCJ5qwYNcITMbEZE+QalOcAkooPaX4jbITaNPayv7G1bycEvbPuFo14
zbbgppkxIrVnuyMuoX5Xit2n8g8yvmmuZh14D2Vu+mYQBpbh2abIiC8wPPrVDfky
AYFLGKy1TYQ+IYdHDgjl5vFo/jgMH33Jb9gv+iMoMT7LoNu4TzHt+0TCQSj/16nS
ZaOetdO0WClpePrvu3JCinEfNX3h00LsjKs6ppaCGQme6T9xOgV7huRRfbjnnhuM
qu0HAXnPo8Y=
=ICrX
-----END PGP SIGNATURE-----
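Sections 4 and 6 of the Red Hat advisory above give the remediation: upgrade to the listed chromium-browser-69.0.3497.81-1.el6_10 packages, verify their GPG signature, and restart Chromium. The script below is an added example, not part of the AusCERT or Red Hat bulletin, showing how an administrator can decide whether a RHEL 6 host is still exposed to RHSA-2018:2666 by comparing the installed package against the fixed build using rpm's own version-comparison rules (re-implemented here for digit and alpha segments; the tilde and caret operators of newer rpm releases are deliberately not handled, which does not matter for these versions). The `rpm -q --qf` and `rpm -K` invocations are real rpm command lines; the package-list text is copied from section 6 so the parser runs offline, and the `FIXED_EVR` constant is taken from the same section.

```python
"""Is this host still exposed to RHSA-2018:2666?  (added example, not Red Hat code)"""
import re
import shutil
import subprocess

# Fixed build, from section 6 of the advisory (epoch 0: the packages carry none).
FIXED_EVR = "0:69.0.3497.81-1.el6_10"

# Desktop part of the advisory's package list, copied verbatim so this runs offline.
PACKAGE_LIST_TEXT = """
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm
x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")  # rpm compares runs of digits / letters


def rpmvercmp(a, b):
    """Compare two version or release strings like rpmvercmp(): 1 if a is newer,
    -1 if older, 0 if equal.  Numeric segments beat alpha segments, and when all
    shared segments are equal the string with more segments is newer."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1
        if xnum:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_evr(evr):
    """'epoch:version-release' -> (int epoch, version, release); epoch defaults to 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.rpartition("-")
    return (int(epoch) if epoch else 0), version, release


def compare_evr(a, b):
    """Epoch first, then version, then release, exactly as rpm orders packages."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    c = rpmvercmp(va, vb)
    return c if c else rpmvercmp(ra, rb)


def is_vulnerable(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build predates the fixed build."""
    return compare_evr(installed_evr, fixed_evr) < 0


def parse_package_list(text):
    """Parse an advisory 'Package List' section into {(product, arch, name): evr}."""
    out, product, arch = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith(".rpm"):
            stem, _, _rpm_arch = line[:-4].rpartition(".")
            name, version, release = stem.rsplit("-", 2)
            out[(product, arch, name)] = f"0:{version}-{release}"
        elif line.endswith(":") and "(" in line:
            product = line[:-1]
        elif line.endswith(":"):
            arch = line[:-1]
    return out


def installed_evr(package="chromium-browser"):
    """Query the local rpm database; None if rpm is absent or the package is not installed.
    rpm prints '(none)' for a missing epoch, which is normalised to 0."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}", package],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None
    return proc.stdout.strip().replace("(none):", "0:", 1)


def rpm_signature_ok(rpm_path):
    """Check a downloaded package with 'rpm -K' before installing it.  Assumes Red Hat's
    signing key has been imported as described in the advisory; a non-zero exit means
    the digest or signature did not verify."""
    proc = subprocess.run(["rpm", "-K", rpm_path], capture_output=True, text=True)
    return proc.returncode == 0


if __name__ == "__main__":
    evr = installed_evr()
    if evr is None:
        print("chromium-browser is not installed here (or rpm is unavailable)")
    elif is_vulnerable(evr):
        print(f"VULNERABLE: {evr} < {FIXED_EVR}; apply RHSA-2018:2666 and restart Chromium")
    else:
        print(f"OK: {evr} >= {FIXED_EVR}")
```

The comparison matters because a naive string or float comparison misorders releases such as `1.el6_9` and `1.el6_10`; the segment-wise rule above orders them the way rpm does, so the check agrees with what `yum update` would decide.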