-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3259
                Important: chromium-browser security update
                               25 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17477 CVE-2018-17476 CVE-2018-17475 CVE-2018-17474
                   CVE-2018-17473 CVE-2018-17471 CVE-2018-17470 CVE-2018-17469
                   CVE-2018-17468 CVE-2018-17467 CVE-2018-17466 CVE-2018-17465
                   CVE-2018-17464 CVE-2018-17463 CVE-2018-17462 CVE-2018-16435
                   CVE-2018-5179

Reference:         ASB-2018.0266

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2018:3004

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:3004-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3004
Issue date:        2018-10-24
CVE Names:         CVE-2018-5179 CVE-2018-16435 CVE-2018-17462
                   CVE-2018-17463 CVE-2018-17464 CVE-2018-17465
                   CVE-2018-17466 CVE-2018-17467 CVE-2018-17468
                   CVE-2018-17469 CVE-2018-17470 CVE-2018-17471
                   CVE-2018-17473 CVE-2018-17474 CVE-2018-17475
                   CVE-2018-17476 CVE-2018-17477
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 70.0.3538.67.

Security Fix(es):

* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)

* chromium-browser: Remote code execution in V8 (CVE-2018-17463)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)

* chromium-browser: Use after free in V8 (CVE-2018-17465)

* chromium-browser: Memory corruption in Angle (CVE-2018-17466)

* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to
heap-based buffer overflow (CVE-2018-16435)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)

* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)

* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)

* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17471)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)

* chromium-browser: Use after free in Blink (CVE-2018-17474)

* chromium-browser: Lack of limits on update() in ServiceWorker
(CVE-2018-5179)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17476)

* chromium-browser: UI spoof in Extensions (CVE-2018-17477)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1628969 - CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle
1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in Blink
1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals
1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode
1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full screen mode
1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in ServiceWorker
1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5179
https://access.redhat.com/security/cve/CVE-2018-16435
https://access.redhat.com/security/cve/CVE-2018-17462
https://access.redhat.com/security/cve/CVE-2018-17463
https://access.redhat.com/security/cve/CVE-2018-17464
https://access.redhat.com/security/cve/CVE-2018-17465
https://access.redhat.com/security/cve/CVE-2018-17466
https://access.redhat.com/security/cve/CVE-2018-17467
https://access.redhat.com/security/cve/CVE-2018-17468
https://access.redhat.com/security/cve/CVE-2018-17469
https://access.redhat.com/security/cve/CVE-2018-17470
https://access.redhat.com/security/cve/CVE-2018-17471
https://access.redhat.com/security/cve/CVE-2018-17473
https://access.redhat.com/security/cve/CVE-2018-17474
https://access.redhat.com/security/cve/CVE-2018-17475
https://access.redhat.com/security/cve/CVE-2018-17476
https://access.redhat.com/security/cve/CVE-2018-17477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
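The solution and package-list sections above give the fixed build
(chromium-browser-70.0.3538.67-1.el6_10) but leave the "is this host
still exposed?" check to the reader. The script below is an added
example, not part of the advisory and not Red Hat tooling: it parses the
output of an rpm query, orders installed builds with a port of librpm's
rpmvercmp() (so that release 1.el6_10 correctly sorts above 1.el6_9, which
a plain string comparison gets wrong), and flags every build that sorts
below the fixed EVR. The rpm output lines embedded in it are constructed
for the example and include a build that does not exist in the advisory.

```python
"""Check installed chromium-browser builds against the fixed build named in
RHSA-2018:3004.  Added example, not part of the advisory or of Red Hat's
tooling.  The rpm output below is constructed for the example."""
from typing import List, NamedTuple, Tuple


class EVR(NamedTuple):
    epoch: int
    version: str
    release: str


# Fixed build taken from the advisory's package list:
# chromium-browser-70.0.3538.67-1.el6_10.{i686,x86_64}.rpm (no epoch set).
FIXED = EVR(0, "70.0.3538.67", "1.el6_10")

# Query format whose output parse_rpm_query() expects; rpm prints "(none)"
# in the epoch column when the package has no epoch.
QUERY_FORMAT = "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\\n"


def rpmvercmp(a: str, b: str) -> int:
    """Port of librpm's rpmvercmp(): returns -1, 0 or 1.

    Versions are walked as runs of digits or runs of letters; any other
    character is a separator.  Numeric runs compare by value (leading zeros
    ignored), alphabetic runs compare as strings, and a numeric run beats an
    alphabetic one.  '~' sorts before everything, including end of string,
    so 70.0~rc1 < 70.0.  The '^' marker is not implemented (assumption: no
    RHEL 6 Supplementary package uses it).
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1
            if not tilde_b:
                return -1
            i += 1
            j += 1
            continue
        if i >= len(a) or j >= len(b):
            break
        is_num = a[i].isdigit()
        same_kind = str.isdigit if is_num else str.isalpha
        start_a, start_b = i, j
        while i < len(a) and same_kind(a[i]):
            i += 1
        while j < len(b) and same_kind(b[j]):
            j += 1
        seg_a, seg_b = a[start_a:i], b[start_b:j]
        if not seg_b:  # the two runs are of different kinds
            return 1 if is_num else -1
        if is_num:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whoever has characters left wins


def evr_cmp(x: EVR, y: EVR) -> int:
    """Order two builds the way rpm does: epoch, then version, then release."""
    if x.epoch != y.epoch:
        return 1 if x.epoch > y.epoch else -1
    return rpmvercmp(x.version, y.version) or rpmvercmp(x.release, y.release)


def parse_rpm_query(output: str) -> List[Tuple[str, EVR, str]]:
    """Parse lines produced with QUERY_FORMAT.  Skips blank lines and the
    'package X is not installed' message rpm prints when nothing matches."""
    pkgs = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.endswith("is not installed"):
            continue
        name, epoch, version, release, arch = line.split()
        evr = EVR(0 if epoch == "(none)" else int(epoch), version, release)
        pkgs.append((name, evr, arch))
    return pkgs


def audit(output: str, fixed: EVR = FIXED,
          name: str = "chromium-browser") -> List[Tuple[str, bool]]:
    """Return (nvra, vulnerable) for each installed build of `name`; a build
    is vulnerable when it sorts below the fixed EVR."""
    results = []
    for pkg_name, evr, arch in parse_rpm_query(output):
        if pkg_name != name:
            continue
        nvra = f"{pkg_name}-{evr.version}-{evr.release}.{arch}"
        results.append((nvra, evr_cmp(evr, fixed) < 0))
    return results


# Constructed sample: rpm query output concatenated from several hosts.
# The 70.0.3538.67-1.el6_9 build is invented to exercise release ordering.
SAMPLE_OUTPUT = """\
chromium-browser (none) 69.0.3497.100 1.el6_10 x86_64
chromium-browser (none) 70.0.3538.67 1.el6_10 x86_64
chromium-browser (none) 70.0.3538.67 1.el6_9 i686
package chromium-browser is not installed
"""

if __name__ == "__main__":
    for nvra, vulnerable in audit(SAMPLE_OUTPUT):
        print(f"{nvra}: {'UPDATE REQUIRED' if vulnerable else 'ok'}")
```

On a RHEL 6 host the input comes from
`rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n' chromium-browser`.
Two caveats the advisory itself states: verify the downloaded package
signature (`rpm -K <package>.rpm`) against Red Hat's key before installing,
and remember that a passing version check only says what is on disk; a
Chromium process started before the update keeps running the old code
until it is restarted.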
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW9DtKdzjgjWX9erEAQgCxRAAowiTvmxP7iUmw/4GyB2N0VC2zQYGzxe+
mlEHS4Idc5zO0tx1IxtMUlhPOmpbxxPmi5v5vEf3kZcgJNir93x6CXUa5dz/VabD
c+abLDqy+oyhNfpO/J2NYoXcG7lhxGvSJ4gYZXJGXpR0B0mfk8Jyq1na8C0aQDX4
9KIYcZV2w/gXTRp6rd9KNSVMqV12nWi14RiBnd9jk5HnE9EszG5QDVZNKIZt4IrC
T5WdT6+jtHLbaJANnQPLiAtcAgGKhiNlMuBEKyXMjoiPcAQ8Wy72sYo08hZvnjpY
tOWfesqAfL86MQuk4OQ0eGmEPP8A8G16lNac9lnxqY9EAY2883CbpJ/V8Zp2A2uI
zxg+1xbk+NSjgb4ED54+j3y/EiaVwAL356jncnfwnef6c6+ul3Mc8q/uPdNqCqtj
1BNR7R55y9P+kwGZqToxwNc2JzVMVZWLYgC1akUpAYMQkPCpF5Y62pjY9GFV9ock
rY7KQFH2bhvMu7AlU9aTPSPwYykQdYD9vtsoEA9kzYAAEdpY6ff5d8qj6PHZaTqF
aM4vO0U1ywpdtjWOTX+yTCgxqwO1xedHy9qICC1xvaMqknSbel9TZrIVmcNW8QSG
l6sfCMeJhLqF90gHp3bypWlO757ZSGaSqS6lWv8HiNa4wzRLdswIkO71f9j10JDo
pzUdYKw9eDY=
=8fd6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.
It may not be updated when updates to the original are made.  If downloading
at a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW9EIZ2aOgq3Tt24GAQjukxAAgbTr9RCCFp03mr7TZ1N0A70TY5fsYmTT
MzaCFrcRRHbXCvDO4yflSBaB9ssB0cNMS2ZdwYGTx0gDB/Zf8YahwxDg7I/KjVG9
vl4ewzxf2fUD/LCDzB2iOvnoHTj1s2OwpTiotaSOWZf2JJPOM0MKWQEIpCxgTu5i
s7LM4YgXGvA/o7EW6KAeFOfxaQl/qFu91WadKYiHyoqRcOzS5eTASlmVEcwcjiO4
EwE/vV/kj+r7uk1rVGglQOLki+0XfQ78lUeibA3CaaMQhla6lMQBs8dpueoVLElM
rnJtnmOTjk5n61I88TjvKlG5pGLs7ewoBr0lG90SrgRcVZc6O+qr51m7b5JeovoU
VMh4nK92vOdoaf3+sXLVXWlZc8LwJ3oHRBaWPrn5HM3ab2/T4h5upPZnm+AzlOmG
IIRIrNh48Ui2u7Qr1Akd++qnUPEqa9Bn4JPTNO8fdwBFhYCpKo+NSXD0r7GQib12
a8MStNzppH0hPMNkRPnDnv67mGPk+jj/CtDCThRQMkF2SeCf1KNlPY4PJ7kqxyTN
6T4d1AIxsI3VZJnlA6XnnsCSUl2HQciiSkiwzqDN5XcgWFvA/rI7+oghkdge2Dae
df6ObRyMdjqePqcSCojP1qPN+Ep491pMrUnPacEYkaimRXWbreW1zVPAJNCXXbg+
xlFdIraInIc=
=CtEt
-----END PGP SIGNATURE-----