ESB-2018.1708 - [RedHat] chromium-browser: Multiple vulnerabilities 2018-06-08

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1708
                Important: chromium-browser security update
                                8 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6147 CVE-2018-6145 CVE-2018-6144
                   CVE-2018-6143 CVE-2018-6142 CVE-2018-6141
                   CVE-2018-6140 CVE-2018-6139 CVE-2018-6138
                   CVE-2018-6137 CVE-2018-6136 CVE-2018-6135
                   CVE-2018-6134 CVE-2018-6133 CVE-2018-6132
                   CVE-2018-6131 CVE-2018-6130 CVE-2018-6129
                   CVE-2018-6127 CVE-2018-6126 CVE-2018-6125
                   CVE-2018-6124 CVE-2018-6123 

Reference:         ASB-2018.0125
                   ASB-2018.0123

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:1815

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:1815-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1815
Issue date:        2018-06-07
CVE Names:         CVE-2018-6123 CVE-2018-6124 CVE-2018-6125
                   CVE-2018-6126 CVE-2018-6127 CVE-2018-6129
                   CVE-2018-6130 CVE-2018-6131 CVE-2018-6132
                   CVE-2018-6133 CVE-2018-6134 CVE-2018-6135
                   CVE-2018-6136 CVE-2018-6137 CVE-2018-6138
                   CVE-2018-6139 CVE-2018-6140 CVE-2018-6141
                   CVE-2018-6142 CVE-2018-6143 CVE-2018-6144
                   CVE-2018-6145 CVE-2018-6147
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 67.0.3396.62.

Security Fix(es):

* chromium-browser: Use after free in Blink (CVE-2018-6123)

* chromium-browser: Type confusion in Blink (CVE-2018-6124)

* chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)

* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)

* chromium-browser: Use after free in indexedDB (CVE-2018-6127)

* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6129)

* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6130)

* chromium-browser: Incorrect mutability protection in WebAssembly
(CVE-2018-6131)

* chromium-browser: Use of uninitialized memory in WebRTC (CVE-2018-6132)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6133)

* chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)

* chromium-browser: UI spoofing in Blink (CVE-2018-6135)

* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)

* chromium-browser: Leak of visited status of page in Blink (CVE-2018-6137)

* chromium-browser: Overly permissive policy in Extensions (CVE-2018-6138)

* chromium-browser: Restrictions bypass in the debugger extension API
(CVE-2018-6139)

* chromium-browser: Restrictions bypass in the debugger extension API
(CVE-2018-6140)

* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)

* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)

* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)

* chromium-browser: Out of bounds memory access in PDFium (CVE-2018-6144)

* chromium-browser: Incorrect escaping of MathML in Blink (CVE-2018-6145)

* chromium-browser: Password fields not taking advantage of OS protections
in Views (CVE-2018-6147)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1584032 - CVE-2018-6123 chromium-browser: Use after free in Blink
1584033 - CVE-2018-6124 chromium-browser: Type confusion in Blink
1584034 - CVE-2018-6125 chromium-browser: Overly permissive policy in WebUSB
1584035 - CVE-2018-6126 chromium-browser: Heap buffer overflow in Skia
1584037 - CVE-2018-6127 chromium-browser: Use after free in indexedDB
1584039 - CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC
1584040 - CVE-2018-6130 chromium-browser: Out of bounds memory access in WebRTC
1584042 - CVE-2018-6131 chromium-browser: Incorrect mutability protection in WebAssembly
1584043 - CVE-2018-6132 chromium-browser: Use of uninitialized memory in WebRTC
1584044 - CVE-2018-6133 chromium-browser: URL spoof in Omnibox
1584045 - CVE-2018-6134 chromium-browser: Referrer Policy bypass in Blink
1584046 - CVE-2018-6135 chromium-browser: UI spoofing in Blink
1584047 - CVE-2018-6136 chromium-browser: Out of bounds memory access in V8
1584048 - CVE-2018-6137 chromium-browser: Leak of visited status of page in Blink
1584049 - CVE-2018-6138 chromium-browser: Overly permissive policy in Extensions
1584050 - CVE-2018-6139 chromium-browser: Restrictions bypass in the debugger extension API
1584051 - CVE-2018-6140 chromium-browser: Restrictions bypass in the debugger extension API
1584052 - CVE-2018-6141 chromium-browser: Heap buffer overflow in Skia
1584054 - CVE-2018-6142 chromium-browser: Out of bounds memory access in V8
1584055 - CVE-2018-6143 chromium-browser: Out of bounds memory access in V8
1584056 - CVE-2018-6144 chromium-browser: Out of bounds memory access in PDFium
1584057 - CVE-2018-6145 chromium-browser: Incorrect escaping of MathML in Blink
1584058 - CVE-2018-6147 chromium-browser: Password fields not taking advantage of OS protections in Views

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm

x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm

x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm

x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-6123
https://access.redhat.com/security/cve/CVE-2018-6124
https://access.redhat.com/security/cve/CVE-2018-6125
https://access.redhat.com/security/cve/CVE-2018-6126
https://access.redhat.com/security/cve/CVE-2018-6127
https://access.redhat.com/security/cve/CVE-2018-6129
https://access.redhat.com/security/cve/CVE-2018-6130
https://access.redhat.com/security/cve/CVE-2018-6131
https://access.redhat.com/security/cve/CVE-2018-6132
https://access.redhat.com/security/cve/CVE-2018-6133
https://access.redhat.com/security/cve/CVE-2018-6134
https://access.redhat.com/security/cve/CVE-2018-6135
https://access.redhat.com/security/cve/CVE-2018-6136
https://access.redhat.com/security/cve/CVE-2018-6137
https://access.redhat.com/security/cve/CVE-2018-6138
https://access.redhat.com/security/cve/CVE-2018-6139
https://access.redhat.com/security/cve/CVE-2018-6140
https://access.redhat.com/security/cve/CVE-2018-6141
https://access.redhat.com/security/cve/CVE-2018-6142
https://access.redhat.com/security/cve/CVE-2018-6143
https://access.redhat.com/security/cve/CVE-2018-6144
https://access.redhat.com/security/cve/CVE-2018-6145
https://access.redhat.com/security/cve/CVE-2018-6147
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWxnIG2aOgq3Tt24GAQjxXw//dpmvb1B7N7TpDpw0JdV3jtro7TAXYex6
TfNtP/Epuunxpxpb/a1aYjv+J8Y+N2HJ4Fokb0amrMKVL0Fnlu8xpAxr06nh4IvR
12owLFOlq/KgfG7osOth5cpN1zxzI9uS97J1TvdNJeJOkt3q9DkRfxP6jFgN7XBh
Xs78wWb7FgN6ej2H27EkaSbEho+zWJKIfyphmDHhxEny1S5pA4ALXAg/1LTaoDAa
XL03HB5FrXYv6rokoQGZ+LY3yt0NGbh8g7SjeFic6LycV74dsBenSFmPHGXwmGQU
Po4KAylCVZYb5Yu4pQIlG9Da65vMW97ImUdXpt/Vito76hRL9cwXR42/7pVvZPU8
5pGw2ceIJbhtWj5LwLgzall/evsdq4X7dQxWrnfTpPEaWOYtxAVLPfXFpqFQZoC2
1ncO9NzURn6kl0Cg29LqTkjzc50k6bAaPurS7teD47vc7q2g5RJ6e8rTL7qAWm58
JgaZqfG7lTgmpXbkifslJ72J81srbQjfIKqOIKSZUMlyMKJkKp/HNPIawQ0c7Rn7
36ZMcnmZEgsGx3zheydMT4NSdry4AnkwuHZzraxTTTqFOF3p6HrYwMUE3DmN6KwZ
GIIW3D3XfhjbvzMPgdUXJMxU6p/XvHSuq9gYKtoUXlnDeV68Fn2iaV1Up4jBUslS
3AA01FRI1MM=
=0W1M
-----END PGP SIGNATURE-----

« Back to bulletins