ESB-2018.0330 - [RedHat] chromium-browser: Multiple vulnerabilities 2018-02-02

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0330
                Important: chromium-browser security update
                              2 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6054 CVE-2018-6053 CVE-2018-6052
                   CVE-2018-6051 CVE-2018-6050 CVE-2018-6049
                   CVE-2018-6048 CVE-2018-6047 CVE-2018-6046
                   CVE-2018-6045 CVE-2018-6043 CVE-2018-6042
                   CVE-2018-6041 CVE-2018-6040 CVE-2018-6039
                   CVE-2018-6038 CVE-2018-6037 CVE-2018-6036
                   CVE-2018-6035 CVE-2018-6034 CVE-2018-6033
                   CVE-2018-6032 CVE-2018-6031 

Reference:         ASB-2018.0037
                   ESB-2018.0323

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:0265

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:0265-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0265
Issue date:        2018-02-01
CVE Names:         CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 
                   CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 
                   CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 
                   CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 
                   CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 
                   CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 
                   CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 
                   CVE-2018-6053 CVE-2018-6054 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 64.0.3282.119.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034,
CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039,
CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045,
CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050,
CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)

* To mitigate timing-based side-channel attacks similar to "Spectre" and
"Meltdown", this update reduces the precision of the timing data provided
by the Date object and the performance.now() API, and the V8 JavaScript
engine now uses masking of certain addresses and array or string indices.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1538503 - CVE-2018-6031 chromium-browser: use after free in pdfium
1538504 - CVE-2018-6032 chromium-browser: same origin bypass in shared worker
1538505 - CVE-2018-6033 chromium-browser: race when opening downloaded files
1538506 - CVE-2018-6034 chromium-browser: integer overflow in blink
1538507 - CVE-2018-6035 chromium-browser: insufficient isolation of devtools from extensions
1538508 - CVE-2018-6036 chromium-browser: integer underflow in webassembly
1538509 - CVE-2018-6037 chromium-browser: insufficient user gesture requirements in autofill
1538510 - CVE-2018-6038 chromium-browser: heap buffer overflow in webgl
1538511 - CVE-2018-6039 chromium-browser: xss in devtools
1538512 - CVE-2018-6040 chromium-browser: content security policy bypass
1538513 - CVE-2018-6041 chromium-browser: url spoof in navigation
1538514 - CVE-2018-6042 chromium-browser: url spoof in omnibox
1538515 - CVE-2018-6043 chromium-browser: insufficient escaping with external url handlers
1538516 - CVE-2018-6045 chromium-browser: insufficient isolation of devtools from extensions
1538517 - CVE-2018-6046 chromium-browser: insufficient isolation of devtools from extensions
1538518 - CVE-2018-6047 chromium-browser: cross origin url leak in webgl
1538519 - CVE-2018-6048 chromium-browser: referrer policy bypass in blink
1538520 - CVE-2018-6049 chromium-browser: ui spoof in permissions
1538522 - CVE-2018-6050 chromium-browser: url spoof in omnibox
1538523 - CVE-2018-6051 chromium-browser: referrer leak in xss auditor
1538524 - CVE-2018-6052 chromium-browser: incomplete no-referrer policy implementation
1538525 - CVE-2018-6053 chromium-browser: leak of page thumbnails in new tab page
1538526 - CVE-2018-6054 chromium-browser: use after free in webui

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-6031
https://access.redhat.com/security/cve/CVE-2018-6032
https://access.redhat.com/security/cve/CVE-2018-6033
https://access.redhat.com/security/cve/CVE-2018-6034
https://access.redhat.com/security/cve/CVE-2018-6035
https://access.redhat.com/security/cve/CVE-2018-6036
https://access.redhat.com/security/cve/CVE-2018-6037
https://access.redhat.com/security/cve/CVE-2018-6038
https://access.redhat.com/security/cve/CVE-2018-6039
https://access.redhat.com/security/cve/CVE-2018-6040
https://access.redhat.com/security/cve/CVE-2018-6041
https://access.redhat.com/security/cve/CVE-2018-6042
https://access.redhat.com/security/cve/CVE-2018-6043
https://access.redhat.com/security/cve/CVE-2018-6045
https://access.redhat.com/security/cve/CVE-2018-6046
https://access.redhat.com/security/cve/CVE-2018-6047
https://access.redhat.com/security/cve/CVE-2018-6048
https://access.redhat.com/security/cve/CVE-2018-6049
https://access.redhat.com/security/cve/CVE-2018-6050
https://access.redhat.com/security/cve/CVE-2018-6051
https://access.redhat.com/security/cve/CVE-2018-6052
https://access.redhat.com/security/cve/CVE-2018-6053
https://access.redhat.com/security/cve/CVE-2018-6054
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaczsxXlSAg2UNWIIRAuD6AJ99QJ/QkFx7+bROnlKH2UPWW0sDGwCgp0SV
RQ7GtwFkBMm5JyQ4+SqXeGk=
=VDp1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWnOu54x+lLeg9Ub1AQiJPhAAgtl24djkEM8fgo+ueTy0lzQ5AMBeKfaO
dBatG6F0Yad99WRtNoBEDJpA+VFk+9vY5cuNE8MRmUV5YOdnlvQxocmVxJzITBkg
H1W56LxntLTPuDDyoPvMiDCckzWGyQhjEeAI7FWR49mxdWKhwcCndKyW5P8iYi1P
JPm10JELc+JvQGTBTQtjKaAzQrgYaqTRkPwNlGSfqI9wqTX4YsxcJokBNLwIW1DG
XyZu+zsykPWKQY8fLcwl2X4gHhbBMfMiDEpffbqTAv39mtCePfW9mazcrHNGs4wN
UZinD2t8Xsx4OacVR3mzFJN51qGhujtfeWRnuOPKP5K2r+xA3wxtelAmlspOG6Bx
ebp+Zi3F/v07A6Q49A5cePybGYS7/ZPEjHXwJgu5xMGqILzbehs8y8+A5eddGuGv
PiNrwoNKBddEnjVGTnsCZ/J2RdcXHB7LAhc8P81QP+5mlv/toNIfQw6kmpyPTkve
9xKb32fafBnxirgCusslHWlWkkYtOGJqBFDh12MdQ5fFY9C2f0yRDCbb3pKaf2R5
Fe1gqEYS1ppUmUDO5rjzEdTtbW/jWFO5pHKZqou+ww/R1F4eAONrcyFi129K3zT8
f9UUC5jsyGDlW4zsZypbwtLF1JXfSLtOuWtlpwTGi26UdK3ah+9nhn58mzcG7tCt
pBE6droUvZM=
=zM1f
-----END PGP SIGNATURE-----

« Back to bulletins