ESB-2018.2719 - [RedHat] chromium-browser: Multiple vulnerabilities 2018-09-12

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2719
                Important: chromium-browser security update
                             12 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-16088 CVE-2018-16087 CVE-2018-16086
                   CVE-2018-16085 CVE-2018-16084 CVE-2018-16083
                   CVE-2018-16082 CVE-2018-16081 CVE-2018-16080
                   CVE-2018-16079 CVE-2018-16078 CVE-2018-16077
                   CVE-2018-16076 CVE-2018-16075 CVE-2018-16074
                   CVE-2018-16073 CVE-2018-16071 CVE-2018-16070
                   CVE-2018-16069 CVE-2018-16068 CVE-2018-16067
                   CVE-2018-16066 CVE-2018-16065 

Reference:         ASB-2018.0210
                   ESB-2018.2682

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:2666

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:2666-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2666
Issue date:        2018-09-10
CVE Names:         CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 
                   CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 
                   CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 
                   CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 
                   CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 
                   CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 
                   CVE-2018-16084 CVE-2018-16085 CVE-2018-16086 
                   CVE-2018-16087 CVE-2018-16088 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 69.0.3497.81.

Security Fix(es):

* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)

* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)

* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)

* chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)

* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)

* chromium-browser: Integer overflow in Skia (CVE-2018-16070)

* chromium-browser: Use after free in WebRTC (CVE-2018-16071)

* chromium-browser: Site Isolation bypass after tab restore
(CVE-2018-16073)

* chromium-browser: Site Isolation bypass using Blob URLS (CVE-2018-16074)

* chromium-browser: Local file access in Blink (CVE-2018-16075)

* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)

* chromium-browser: Content security policy bypass in Blink
(CVE-2018-16077)

* chromium-browser: Credit card information leak in Autofill
(CVE-2018-16078)

* chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)

* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)

* chromium-browser: Local file access in DevTools (CVE-2018-16081)

* chromium-browser: Stack buffer overflow in SwiftShader (CVE-2018-16082)

* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)

* chromium-browser: User confirmation bypass in external protocol handling
(CVE-2018-16084)

* chromium-browser: Use after free in Memory Instrumentation
(CVE-2018-16085)

* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)

* chromium-browser: Multiple download restriction bypass (CVE-2018-16087)

* chromium-browser: User gesture requirement bypass (CVE-2018-16088)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1625466 - CVE-2018-16065 chromium-browser: Out of bounds write in V8
1625467 - CVE-2018-16066 chromium-browser: Out of bounds read in Blink
1625469 - CVE-2018-16067 chromium-browser: Out of bounds read in WebAudio
1625470 - CVE-2018-16068 chromium-browser: Out of bounds write in Mojo
1625471 - CVE-2018-16069 chromium-browser: Out of bounds read in SwiftShader
1625472 - CVE-2018-16070 chromium-browser: Integer overflow in Skia
1625473 - CVE-2018-16071 chromium-browser: Use after free in WebRTC
1625475 - CVE-2018-16073 chromium-browser: Site Isolation bypass after tab restore
1625476 - CVE-2018-16074 chromium-browser: Site Isolation bypass using Blob URLS
1625477 - CVE-2018-16075 chromium-browser: Local file access in Blink
1625478 - CVE-2018-16076 chromium-browser: Out of bounds read in PDFium
1625479 - CVE-2018-16077 chromium-browser: Content security policy bypass in Blink
1625480 - CVE-2018-16078 chromium-browser: Credit card information leak in Autofill
1625481 - CVE-2018-16079 chromium-browser: URL spoof in permission dialogs
1625482 - CVE-2018-16080 chromium-browser: URL spoof in full screen mode
1625484 - CVE-2018-16081 chromium-browser: Local file access in DevTools
1625485 - CVE-2018-16082 chromium-browser: Stack buffer overflow in SwiftShader
1625486 - CVE-2018-16083 chromium-browser: Out of bounds read in WebRTC
1625487 - CVE-2018-16084 chromium-browser: User confirmation bypass in external protocol handling
1625488 - CVE-2018-16085 chromium-browser: Use after free in Memory Instrumentation
1626286 - CVE-2018-16088 chromium-browser: User gesture requirement bypass
1626287 - CVE-2018-16087 chromium-browser: Multiple download restriction bypass
1626288 - CVE-2018-16086 chromium-browser: Script injection in New Tab Page

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-69.0.3497.81-1.el6_10.i686.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.i686.rpm

x86_64:
chromium-browser-69.0.3497.81-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-69.0.3497.81-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16065
https://access.redhat.com/security/cve/CVE-2018-16066
https://access.redhat.com/security/cve/CVE-2018-16067
https://access.redhat.com/security/cve/CVE-2018-16068
https://access.redhat.com/security/cve/CVE-2018-16069
https://access.redhat.com/security/cve/CVE-2018-16070
https://access.redhat.com/security/cve/CVE-2018-16071
https://access.redhat.com/security/cve/CVE-2018-16073
https://access.redhat.com/security/cve/CVE-2018-16074
https://access.redhat.com/security/cve/CVE-2018-16075
https://access.redhat.com/security/cve/CVE-2018-16076
https://access.redhat.com/security/cve/CVE-2018-16077
https://access.redhat.com/security/cve/CVE-2018-16078
https://access.redhat.com/security/cve/CVE-2018-16079
https://access.redhat.com/security/cve/CVE-2018-16080
https://access.redhat.com/security/cve/CVE-2018-16081
https://access.redhat.com/security/cve/CVE-2018-16082
https://access.redhat.com/security/cve/CVE-2018-16083
https://access.redhat.com/security/cve/CVE-2018-16084
https://access.redhat.com/security/cve/CVE-2018-16085
https://access.redhat.com/security/cve/CVE-2018-16086
https://access.redhat.com/security/cve/CVE-2018-16087
https://access.redhat.com/security/cve/CVE-2018-16088
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW5bioNzjgjWX9erEAQizow//brLYe8NF07UKL+CRDDTAz57gEvWDgp00
+DdBBWiax8Ki5sZ824r7T9vKyE5nNccio9fNHpML5/OZEB3XULsacIlVBVH+Rcvd
UseY/TYidadmwxYSppkAxxqrHFqiVeFq1Dc0TsYeUwJzWp6Au05zt+Tp51ihHPOi
HQgkJ402MJ39T7S0RIWiWR07zuW2u6SR461zuLw19FKGPi1gfH3GkGHYAUXHoabq
xRGGkbwlKefudrs2mRC1AjHpNEYf3Xv7eq7L/6q9n1gGERJv1ptbrPmPjI3/thoC
uENRcAoURwYoD/AmJyan/Aw3y/LrwepY7I4GFlhV+nP61pVk55V/i4FQl7mpsKui
mN746lmAgBJdaJRX6VYJu4Ac3a+Z9w/mv1WAMIVNMwpx68UAuSDo/Cg3PwyHhw1v
vd1U2XyaZEG2ZIi/w/3eKNjmYRgcaAEtWh7RX/9ylTh2VkpdtgtUWiZkAMJUMylI
swnEnSbjgk8NNcmHQ+NWs3kAWrhgFhAnZJfRNdR72WhzokJqLGUb5Qo4AjAMzSJz
NG8KQ26A6gA7aWYyHHB/zEukrH69Ww0X508DlzH5xNF43ozUGrU6NzwpYQ4y7mXR
z3S+HOO605VdY2d/zSgICwTXKJEYAoTfQ1tUigx4zjyHkDCO4ap7grBGes3Tfza9
Kms3TPiA6B4=
=y9ZF
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW5i0qmaOgq3Tt24GAQiENBAAhvs77X18CZctNjYL25HHTPL8Hp28g6eQ
oyDJbFFTNOVi9mU1dZ29R8CKOaX6cHfh/suKVLX0qC18PpwZsiCC+Mvn9enJbnVg
IuStLH4z7f1D/w7Ivlc/dhHv+bRN/6oRXRh4/Rkr/9my3014uxNZjAcd0A/jBPq+
3emFXoqgucSZVLjYdfigJTWAafLX/C2UnbosJo/DMjaX/j4jawEcuv5YdfssegxY
jUmE+vUYAHOqFA/HvSFyw93GJvTC6k7A3UQSVt/3X6sW7F5liQIpRzaNLi7c0P0Y
h4d0SNkGAp63OeoauyxmlZMvbgiZTheG/8q/8HqUL5br22tA37wHDk9crfs30lwU
RvGymIgu3nGeU7bIIYcqTpFzR7v0oFcJ4hhFNxBWzHULSdB/P5K44NusqrZErpLD
y7u37hzuSgCJ5qwYNcITMbEZE+QalOcAkooPaX4jbITaNPayv7G1bycEvbPuFo14
zbbgppkxIrVnuyMuoX5Xit2n8g8yvmmuZh14D2Vu+mYQBpbh2abIiC8wPPrVDfky
AYFLGKy1TYQ+IYdHDgjl5vFo/jgMH33Jb9gv+iMoMT7LoNu4TzHt+0TCQSj/16nS
ZaOetdO0WClpePrvu3JCinEfNX3h00LsjKs6ppaCGQme6T9xOgV7huRRfbjnnhuM
qu0HAXnPo8Y=
=ICrX
-----END PGP SIGNATURE-----

« Back to bulletins