ESB-2018.3259 - [RedHat] chromium-browser: Multiple vulnerabilities 2018-10-25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3259
                Important: chromium-browser security update
                              25 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-17477 CVE-2018-17476 CVE-2018-17475
                   CVE-2018-17474 CVE-2018-17473 CVE-2018-17471
                   CVE-2018-17470 CVE-2018-17469 CVE-2018-17468
                   CVE-2018-17467 CVE-2018-17466 CVE-2018-17465
                   CVE-2018-17464 CVE-2018-17463 CVE-2018-17462
                   CVE-2018-16435 CVE-2018-5179 

Reference:         ASB-2018.0266

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:3004

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:3004-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3004
Issue date:        2018-10-24
CVE Names:         CVE-2018-5179 CVE-2018-16435 CVE-2018-17462 
                   CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 
                   CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 
                   CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 
                   CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 
                   CVE-2018-17476 CVE-2018-17477 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 70.0.3538.67.

Security Fix(es):

* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)

* chromium-browser: Remote code execution in V8 (CVE-2018-17463)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)

* chromium-browser: Use after free in V8 (CVE-2018-17465)

* chromium-browser: Memory corruption in Angle (CVE-2018-17466)

* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to
heap-based buffer overflow (CVE-2018-16435)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)

* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)

* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)

* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17471)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)

* chromium-browser: Use after free in Blink (CVE-2018-17474)

* chromium-browser: Lack of limits on update() in ServiceWorker
(CVE-2018-5179)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)

* chromium-browser: Security UI occlusion in full screen mode
(CVE-2018-17476)

* chromium-browser: UI spoof in Extensions (CVE-2018-17477)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.
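An added check (not from the Red Hat advisory or the AusCERT bulletin) for the two steps above: whether the installed chromium-browser on a RHEL 6 host is at or above the fixed build 70.0.3538.67-1.el6_10, and whether a Chromium process that is already running predates the package install and so still needs the restart. It assumes GNU sort (for -V) is present and that the caller feeds it the rpm and ps values named in the comments; the version strings and epochs in main are constructed.

```shell
#!/bin/sh
# Added example, not part of RHSA-2018:3004 or the AusCERT bulletin.
# Assumption: GNU sort with -V is available; rpm/ps queries are run by the caller.

FIXED_NVR="70.0.3538.67-1.el6_10"   # fixed version-release named in the advisory

# ver_ge A B: succeeds when version-release string A sorts at or above B.
# sort -V approximates rpm's own ordering; it is adequate for the dotted
# numeric Chromium versions and the simple "N.el6_10" releases used here.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# assess_installed VR: VR is the output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' chromium-browser
# Prints "fixed", "vulnerable" or "not-installed".
assess_installed() {
  case "$1" in
    ""|*"not installed"*) echo not-installed; return 0 ;;
  esac
  if ver_ge "$1" "$FIXED_NVR"; then echo fixed; else echo vulnerable; fi
}

# needs_restart INSTALL_EPOCH PROC_START_EPOCH: succeeds when the process was
# started before the package was installed, i.e. it still maps the old binary.
#   INSTALL_EPOCH    from: rpm -q --qf '%{INSTALLTIME}\n' chromium-browser
#   PROC_START_EPOCH from: date -d "$(ps -o lstart= -p PID)" +%s
needs_restart() {
  [ "$2" -lt "$1" ]
}

# Walk-through on constructed values so it runs without rpm or ps.
main() {
  for vr in "69.0.3497.100-1.el6_10" "70.0.3538.67-1.el6_10" "70.0.3538.77-1.el6_10"; do
    printf '%-26s %s\n' "$vr" "$(assess_installed "$vr")"
  done
  # Constructed epochs: package installed after the browser was launched.
  if needs_restart 1540400000 1540300000; then
    echo "chromium started before the update was installed: restart required"
  fi
}
main "$@"
```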

5. Bugs fixed (https://bugzilla.redhat.com/):

1628969 - CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow
1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache
1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8
1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox
1640101 - CVE-2018-17465 chromium-browser: Use after free in V8
1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle
1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox
1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in Blink
1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium
1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals
1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode
1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox
1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink
1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox
1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full screen mode
1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in ServiceWorker
1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-70.0.3538.67-1.el6_10.i686.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm

x86_64:
chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5179
https://access.redhat.com/security/cve/CVE-2018-16435
https://access.redhat.com/security/cve/CVE-2018-17462
https://access.redhat.com/security/cve/CVE-2018-17463
https://access.redhat.com/security/cve/CVE-2018-17464
https://access.redhat.com/security/cve/CVE-2018-17465
https://access.redhat.com/security/cve/CVE-2018-17466
https://access.redhat.com/security/cve/CVE-2018-17467
https://access.redhat.com/security/cve/CVE-2018-17468
https://access.redhat.com/security/cve/CVE-2018-17469
https://access.redhat.com/security/cve/CVE-2018-17470
https://access.redhat.com/security/cve/CVE-2018-17471
https://access.redhat.com/security/cve/CVE-2018-17473
https://access.redhat.com/security/cve/CVE-2018-17474
https://access.redhat.com/security/cve/CVE-2018-17475
https://access.redhat.com/security/cve/CVE-2018-17476
https://access.redhat.com/security/cve/CVE-2018-17477
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----