ESB-2018.2203 - [RedHat] chromium-browser: Multiple vulnerabilities 2018-07-31

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2203
                Important: chromium-browser security update
                               31 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Unknown/Unspecified         
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6179 CVE-2018-6178 CVE-2018-6177
                   CVE-2018-6176 CVE-2018-6175 CVE-2018-6174
                   CVE-2018-6173 CVE-2018-6172 CVE-2018-6171
                   CVE-2018-6170 CVE-2018-6169 CVE-2018-6168
                   CVE-2018-6167 CVE-2018-6166 CVE-2018-6165
                   CVE-2018-6164 CVE-2018-6163 CVE-2018-6162
                   CVE-2018-6161 CVE-2018-6159 CVE-2018-6158
                   CVE-2018-6157 CVE-2018-6156 CVE-2018-6155
                   CVE-2018-6154 CVE-2018-6153 CVE-2018-6152
                   CVE-2018-6151 CVE-2018-6150 CVE-2018-6044
                   CVE-2018-4117  

Reference:         ASB-2018.0185
                   ESB-2018.2190
                   ESB-2018.1327
                   ESB-2018.0970
                   ESB-2018.0969
                   ESB-2018.0968

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:2282

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:2282-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2282
Issue date:        2018-07-30
CVE Names:         CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 
                   CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 
                   CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 
                   CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 
                   CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 
                   CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 
                   CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 
                   CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 
                   CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 
                   CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 
                   CVE-2018-6179 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 68.0.3440.75.

Security Fix(es):

* chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153)

* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154)

* chromium-browser: Use after free in WebRTC (CVE-2018-6155)

* chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156)

* chromium-browser: Type confusion in WebRTC (CVE-2018-6157)

* chromium-browser: Cross origin information disclosure in Service Workers
(CVE-2018-6150)

* chromium-browser: Bad cast in DevTools (CVE-2018-6151)

* chromium-browser: Local file write in DevTools (CVE-2018-6152)

* chromium-browser: Use after free in Blink (CVE-2018-6158)

* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6159)

* chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161)

* chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6163)

* chromium-browser: Same origin policy bypass in ServiceWorker
(CVE-2018-6164)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6165)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6166)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6167)

* chromium-browser: CORS bypass in Blink (CVE-2018-6168)

* chromium-browser: Permissions bypass in extension installation
(CVE-2018-6169)

* chromium-browser: Type confusion in PDFium (CVE-2018-6170)

* chromium-browser: Use after free in WebBluetooth (CVE-2018-6171)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6172)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6173)

* chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174)

* chromium-browser: URL spoof in Omnibox (CVE-2018-6175)

* chromium-browser: Local user privilege escalation in Extensions
(CVE-2018-6176)

* chromium-browser: Cross origin information leak in Blink (CVE-2018-4117)

* chromium-browser: Request privilege escalation in Extensions
(CVE-2018-6044)

* chromium-browser: Cross origin information leak in Blink (CVE-2018-6177)

* chromium-browser: UI spoof in Extensions (CVE-2018-6178)

* chromium-browser: Local file information leak in Extensions
(CVE-2018-6179)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1608177 - CVE-2018-6153 chromium-browser: Stack buffer overflow in Skia
1608178 - CVE-2018-6154 chromium-browser: Heap buffer overflow in WebGL
1608179 - CVE-2018-6155 chromium-browser: Use after free in WebRTC
1608180 - CVE-2018-6156 chromium-browser: Heap buffer overflow in WebRTC
1608181 - CVE-2018-6157 chromium-browser: Type confusion in WebRTC
1608182 - CVE-2018-6158 chromium-browser: Use after free in Blink
1608183 - CVE-2018-6159 chromium-browser: Same origin policy bypass in ServiceWorker
1608185 - CVE-2018-6161 chromium-browser: Same origin policy bypass in WebAudio
1608186 - CVE-2018-6162 chromium-browser: Heap buffer overflow in WebGL
1608187 - CVE-2018-6163 chromium-browser: URL spoof in Omnibox
1608188 - CVE-2018-6164 chromium-browser: Same origin policy bypass in ServiceWorker
1608189 - CVE-2018-6165 chromium-browser: URL spoof in Omnibox
1608190 - CVE-2018-6166 chromium-browser: URL spoof in Omnibox
1608191 - CVE-2018-6167 chromium-browser: URL spoof in Omnibox
1608192 - CVE-2018-6168 chromium-browser: CORS bypass in Blink
1608193 - CVE-2018-6169 chromium-browser: Permissions bypass in extension installation
1608194 - CVE-2018-6170 chromium-browser: Type confusion in PDFium
1608195 - CVE-2018-6171 chromium-browser: Use after free in WebBluetooth
1608196 - CVE-2018-6172 chromium-browser: URL spoof in Omnibox
1608197 - CVE-2018-6173 chromium-browser: URL spoof in Omnibox
1608198 - CVE-2018-6174 chromium-browser: Integer overflow in SwiftShader
1608199 - CVE-2018-6175 chromium-browser: URL spoof in Omnibox
1608200 - CVE-2018-6176 chromium-browser: Local user privilege escalation in Extensions
1608201 - CVE-2018-6177 chromium-browser: Cross origin information leak in Blink
1608202 - CVE-2018-6178 chromium-browser: UI spoof in Extensions
1608203 - CVE-2018-6179 chromium-browser: Local file information leak in Extensions
1608204 - CVE-2018-6044 chromium-browser: Request privilege escalation in Extensions
1608205 - CVE-2018-4117 chromium-browser: Cross origin information leak in Blink
1608206 - CVE-2018-6150 chromium-browser: Cross origin information disclosure in Service Workers
1608207 - CVE-2018-6151 chromium-browser: Bad cast in DevTools
1608208 - CVE-2018-6152 chromium-browser: Local file write in DevTools

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-68.0.3440.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-68.0.3440.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-68.0.3440.75-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-4117
https://access.redhat.com/security/cve/CVE-2018-6044
https://access.redhat.com/security/cve/CVE-2018-6150
https://access.redhat.com/security/cve/CVE-2018-6151
https://access.redhat.com/security/cve/CVE-2018-6152
https://access.redhat.com/security/cve/CVE-2018-6153
https://access.redhat.com/security/cve/CVE-2018-6154
https://access.redhat.com/security/cve/CVE-2018-6155
https://access.redhat.com/security/cve/CVE-2018-6156
https://access.redhat.com/security/cve/CVE-2018-6157
https://access.redhat.com/security/cve/CVE-2018-6158
https://access.redhat.com/security/cve/CVE-2018-6159
https://access.redhat.com/security/cve/CVE-2018-6161
https://access.redhat.com/security/cve/CVE-2018-6162
https://access.redhat.com/security/cve/CVE-2018-6163
https://access.redhat.com/security/cve/CVE-2018-6164
https://access.redhat.com/security/cve/CVE-2018-6165
https://access.redhat.com/security/cve/CVE-2018-6166
https://access.redhat.com/security/cve/CVE-2018-6167
https://access.redhat.com/security/cve/CVE-2018-6168
https://access.redhat.com/security/cve/CVE-2018-6169
https://access.redhat.com/security/cve/CVE-2018-6170
https://access.redhat.com/security/cve/CVE-2018-6171
https://access.redhat.com/security/cve/CVE-2018-6172
https://access.redhat.com/security/cve/CVE-2018-6173
https://access.redhat.com/security/cve/CVE-2018-6174
https://access.redhat.com/security/cve/CVE-2018-6175
https://access.redhat.com/security/cve/CVE-2018-6176
https://access.redhat.com/security/cve/CVE-2018-6177
https://access.redhat.com/security/cve/CVE-2018-6178
https://access.redhat.com/security/cve/CVE-2018-6179
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW18qZtzjgjWX9erEAQhZ2w/+O2aOCGCk2DIKqwT/ErfmvasFiNz7u8I1
+yPMYTQ1NFrs8cjt/ym7PH50aFOMS/YO3n/YL5ROLzoDW/PqXvJdxvi9opWG958V
ftc20yBBa4EdJExqkKQYefxg9qD4emt6jkVBzSd/xZ3XcF50oKBG0m1aEPmCzM/G
+o3ohQPiKgAMXJMtqTvSXxy1dV0LuoFOWYS6FPrO2F2MzY0Vd8/GXP1bnxqqqYxT
ohA0f2yoPWVGzQQBRGCeHvTjv6Mt0PdGejKAoUxptgXenOQ9xAyRBuhSBkvBXAAN
3m+pEmWpHdOdEWoiIx07QcaH408ji+gs2oMSybS16PUwe9VsuOOJBOgFSLjxdb3d
bzUjIKZHHscjxA1KIVtAx2JdqTLUKlSjSvaaZxa5d/wFq2UticBM8+EotuIOdE5J
6BVLVX+0GUCizPNbgC2f4i2G3xd60uiym9KP70Z7X+W7vMl9qXcab+GOJCAufwY8
+dfchywwsT19FdQLBJEjKPm7b33FNdr0oLvg6D5RK4pdJMYiEXoCt6ElLBBQzSEA
3vXsagWAaeDEBsLeDNapkLh1BHUx86iMVLGUtiwFgbtAXg7Jbz82AHZmtwT1bf6I
KR7aOFFs2zKjRSuQDQZlOPNQVCt04+NbMZYEw6cHIT/+wX7ZrXaNZp+4tTo9gnOf
R1+VLpZrH1Q=
=jHL1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW1+pdGaOgq3Tt24GAQgGmA/9E15XlWfV4f+tYG0ZdQUTejvrK11KyzNy
MtdyMndcKX9JFTm6GL7+CtZs9GNakfkBVkVHw+jc+HMqi29YOWno80nfVFdOLFXs
W2zWOpcyga7IWNNIiBH9iXRXTLeLCzC6cPtqK1yjshdw9prJk5cx4Vhe25Eotg57
CgXlLghhRI7wYT/YBpsZpS67imyXGJo3Y/9p1nH92hbkiIb7LHck7SKlftKzBH+W
V41+lyvPtnHxdX7XSZycPJIa93pb9N4Yt865YnNBp452AJSABngSI1e2+mBcnZAd
2kdTePi5rMyWu9wpmd92es0zbmxRPMfVeQnpXfkYSvPFGOWsRooC1nXEHnszFm4P
fD3CLhMXo72nyS4bXpad0MIwkqnW0XA7pK0nfTEYzCOn02GwAdA4JY2p+WnyDwSt
TdPfRUKM5Ri5jnw9Oe/LF81JOhtALsMWOdCBpvvnlDCDPfmNHaLy3KzIIrw6pMDE
tR7k76ArIJCnr0OLF1C+2jbmIy3ysTBWZBiwN+3W0KP3gU62pf+/hHAYLMHqsfmg
5ato1h4HRjDFXaU/e4KJ/WNYJjCBi9Yi2UX0aAgJ4IBd5dGeVc2u5dfrvFkHZB66
tgjoRoVBawlN7UzX23mjrTeUK7drPbX+ovdGkGq40KNUuPrKRvlD7LXXsGqdpkbY
fG6nWUF/AjQ=
=TD5H
-----END PGP SIGNATURE-----

« Back to bulletins