Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4001 Multiple vulnerabilities have been identified in chromium-browser for Red Hat Enterprise Linux 6 Supplementary 30 October 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: chromium-browser Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2019-13697 CVE-2019-13696 CVE-2019-13695 CVE-2019-13694 CVE-2019-13693 CVE-2019-13692 CVE-2019-13691 CVE-2019-13688 CVE-2019-13686 CVE-2019-13682 CVE-2019-13681 CVE-2019-13680 CVE-2019-13679 CVE-2019-13678 CVE-2019-13677 CVE-2019-13676 CVE-2019-13675 CVE-2019-13674 CVE-2019-13673 CVE-2019-13671 CVE-2019-13670 CVE-2019-13669 CVE-2019-13668 CVE-2019-13667 CVE-2019-13666 CVE-2019-13665 CVE-2019-13664 CVE-2019-13663 CVE-2019-13662 CVE-2019-13661 CVE-2019-13660 CVE-2019-13659 CVE-2019-5881 CVE-2019-5880 CVE-2019-5879 CVE-2019-5878 CVE-2019-5877 CVE-2019-5876 CVE-2019-5875 CVE-2019-5874 CVE-2019-5872 CVE-2019-5871 CVE-2019-5870 Reference: ASB-2019.0280 Original Bulletin: https://access.redhat.com/errata/RHSA-2019:3211 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: chromium-browser security update Advisory ID: RHSA-2019:3211-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2019:3211 Issue date: 2019-10-29 CVE Names: CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13686 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 ===================================================================== 1. Summary: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64 3. Description: Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 77.0.3865.120. Security Fix(es): * chromium-browser: Use-after-free in media (CVE-2019-5870) * chromium-browser: Heap overflow in Skia (CVE-2019-5871) * chromium-browser: Use-after-free in Mojo (CVE-2019-5872) * chromium-browser: External URIs may trigger other browsers (CVE-2019-5874) * chromium-browser: URL bar spoof via download redirect (CVE-2019-5875) * chromium-browser: Use-after-free in media (CVE-2019-5876) * chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877) * chromium-browser: Use-after-free in V8 (CVE-2019-5878) * chromium-browser: Use-after-free in offline pages (CVE-2019-13686) * chromium-browser: Use-after-free in media (CVE-2019-13688) * chromium-browser: Omnibox spoof (CVE-2019-13691) * chromium-browser: SOP bypass (CVE-2019-13692) * chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693) * chromium-browser: Use-after-free in WebRTC (CVE-2019-13694) * chromium-browser: Use-after-free in audio (CVE-2019-13695) * chromium-browser: Use-after-free in V8 (CVE-2019-13696) * chromium-browser: Cross-origin size leak (CVE-2019-13697) * chromium-browser: Extensions can read some local files (CVE-2019-5879) * chromium-browser: SameSite cookie bypass (CVE-2019-5880) * chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881) * chromium-browser: URL spoof (CVE-2019-13659) * chromium-browser: Full screen notification overlap (CVE-2019-13660) * chromium-browser: Full screen notification spoof (CVE-2019-13661) * chromium-browser: CSP bypass (CVE-2019-13662) * chromium-browser: IDN spoof (CVE-2019-13663) * chromium-browser: CSRF bypass (CVE-2019-13664) * chromium-browser: Multiple file download protection bypass (CVE-2019-13665) * chromium-browser: Side channel using storage size estimate (CVE-2019-13666) * chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667) * chromium-browser: Global window leak via console (CVE-2019-13668) * chromium-browser: HTTP authentication spoof (CVE-2019-13669) * chromium-browser: V8 memory corruption in regex (CVE-2019-13670) * chromium-browser: Dialog box fails to show origin (CVE-2019-13671) * chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673) * chromium-browser: IDN spoofing (CVE-2019-13674) * chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675) * chromium-browser: Google URI shown for certificate warning (CVE-2019-13676) * chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677) * chromium-browser: Download dialog spoofing (CVE-2019-13678) * chromium-browser: User gesture needed for printing (CVE-2019-13679) * chromium-browser: IP address spoofing to servers (CVE-2019-13680) * chromium-browser: Bypass on download restrictions (CVE-2019-13681) * chromium-browser: Site isolation bypass (CVE-2019-13682) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Chromium must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1762366 - CVE-2019-5870 chromium-browser: Use-after-free in media 1762367 - CVE-2019-5871 chromium-browser: Heap overflow in Skia 1762368 - CVE-2019-5872 chromium-browser: Use-after-free in Mojo 1762370 - CVE-2019-5874 chromium-browser: External URIs may trigger other browsers 1762371 - CVE-2019-5875 chromium-browser: URL bar spoof via download redirect 1762372 - CVE-2019-13691 chromium-browser: Omnibox spoof 1762373 - CVE-2019-13692 chromium-browser: SOP bypass 1762374 - CVE-2019-5876 chromium-browser: Use-after-free in media 1762375 - CVE-2019-5877 chromium-browser: Out-of-bounds access in V8 1762376 - CVE-2019-5878 chromium-browser: Use-after-free in V8 1762377 - CVE-2019-5879 chromium-browser: Extensions can read some local files 1762378 - CVE-2019-5880 chromium-browser: SameSite cookie bypass 1762379 - CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader 1762380 - CVE-2019-13659 chromium-browser: URL spoof 1762381 - CVE-2019-13660 chromium-browser: Full screen notification overlap 1762382 - CVE-2019-13661 chromium-browser: Full screen notification spoof 1762383 - CVE-2019-13662 chromium-browser: CSP bypass 1762384 - CVE-2019-13663 chromium-browser: IDN spoof 1762385 - CVE-2019-13664 chromium-browser: CSRF bypass 1762386 - CVE-2019-13665 chromium-browser: Multiple file download protection bypass 1762387 - CVE-2019-13666 chromium-browser: Side channel using storage size estimate 1762388 - CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs 1762389 - CVE-2019-13668 chromium-browser: Global window leak via console 1762390 - CVE-2019-13669 chromium-browser: HTTP authentication spoof 1762391 - CVE-2019-13670 chromium-browser: V8 memory corruption in regex 1762392 - CVE-2019-13671 chromium-browser: Dialog box fails to show origin 1762393 - CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools 1762394 - CVE-2019-13674 chromium-browser: IDN spoofing 1762395 - CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash 1762396 - CVE-2019-13676 chromium-browser: Google URI shown for certificate warning 1762397 - CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated 1762398 - CVE-2019-13678 chromium-browser: Download dialog spoofing 1762399 - CVE-2019-13679 chromium-browser: User gesture needed for printing 1762400 - CVE-2019-13680 chromium-browser: IP address spoofing to servers 1762401 - CVE-2019-13681 chromium-browser: Bypass on download restrictions 1762402 - CVE-2019-13682 chromium-browser: Site isolation bypass 1762474 - CVE-2019-13688 chromium-browser: Use-after-free in media 1762476 - CVE-2019-13686 chromium-browser: Use-after-free in offline pages 1762518 - CVE-2019-13693 chromium-browser: Use-after-free in IndexedDB 1762519 - CVE-2019-13694 chromium-browser: Use-after-free in WebRTC 1762520 - CVE-2019-13695 chromium-browser: Use-after-free in audio 1762521 - CVE-2019-13696 chromium-browser: Use-after-free in V8 1762522 - CVE-2019-13697 chromium-browser: Cross-origin size leak 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm i686: chromium-browser-77.0.3865.120-2.el6_10.i686.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.i686.rpm x86_64: chromium-browser-77.0.3865.120-2.el6_10.x86_64.rpm chromium-browser-debuginfo-77.0.3865.120-2.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-5870 https://access.redhat.com/security/cve/CVE-2019-5871 https://access.redhat.com/security/cve/CVE-2019-5872 https://access.redhat.com/security/cve/CVE-2019-5874 https://access.redhat.com/security/cve/CVE-2019-5875 https://access.redhat.com/security/cve/CVE-2019-5876 https://access.redhat.com/security/cve/CVE-2019-5877 https://access.redhat.com/security/cve/CVE-2019-5878 https://access.redhat.com/security/cve/CVE-2019-5879 https://access.redhat.com/security/cve/CVE-2019-5880 https://access.redhat.com/security/cve/CVE-2019-5881 https://access.redhat.com/security/cve/CVE-2019-13659 https://access.redhat.com/security/cve/CVE-2019-13660 https://access.redhat.com/security/cve/CVE-2019-13661 https://access.redhat.com/security/cve/CVE-2019-13662 https://access.redhat.com/security/cve/CVE-2019-13663 https://access.redhat.com/security/cve/CVE-2019-13664 https://access.redhat.com/security/cve/CVE-2019-13665 https://access.redhat.com/security/cve/CVE-2019-13666 https://access.redhat.com/security/cve/CVE-2019-13667 https://access.redhat.com/security/cve/CVE-2019-13668 https://access.redhat.com/security/cve/CVE-2019-13669 https://access.redhat.com/security/cve/CVE-2019-13670 https://access.redhat.com/security/cve/CVE-2019-13671 https://access.redhat.com/security/cve/CVE-2019-13673 https://access.redhat.com/security/cve/CVE-2019-13674 https://access.redhat.com/security/cve/CVE-2019-13675 https://access.redhat.com/security/cve/CVE-2019-13676 https://access.redhat.com/security/cve/CVE-2019-13677 https://access.redhat.com/security/cve/CVE-2019-13678 https://access.redhat.com/security/cve/CVE-2019-13679 https://access.redhat.com/security/cve/CVE-2019-13680 https://access.redhat.com/security/cve/CVE-2019-13681 https://access.redhat.com/security/cve/CVE-2019-13682 https://access.redhat.com/security/cve/CVE-2019-13686 https://access.redhat.com/security/cve/CVE-2019-13688 https://access.redhat.com/security/cve/CVE-2019-13691 https://access.redhat.com/security/cve/CVE-2019-13692 https://access.redhat.com/security/cve/CVE-2019-13693 https://access.redhat.com/security/cve/CVE-2019-13694 https://access.redhat.com/security/cve/CVE-2019-13695 https://access.redhat.com/security/cve/CVE-2019-13696 https://access.redhat.com/security/cve/CVE-2019-13697 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXbgGY9zjgjWX9erEAQj5wRAAm+j/C5YBPVUg7udi96drwCfuSa6gmk9L NtbMW6kPN9zgCKb/hvB/jIzbn7OKUKUOvNc0oChsn2ZBUYoD807RWOs/yhAMw7qV p/9uNGAgSmX77rcvWF0IGSG5xcwoVpPcN18ZFRtz6c3QrRo24wSOygDZVuXFjZ2Y fBcwqtVDiwhCj2m64q9DXXdS0+Xf7h79xZYoBZHboHS5l/XupFL/E7VLp92uW/uX mxgaLFi+BWau1aMXxxyzDn/yWD19ImAZ+i3e8tsDVyMJqZspkIlb6Gvskp7vLyqw TtSxWUnopoR3LE5oEeBhnQoV6Pzuu5FFq+iQ/ZxM4vcKelUtNi/A6x/EQYsqRZ7v p002vFgQweppzKdZqybAzRLuPeWWuoCDqOoCWJHGtce2CHi+MIX0P9PYkBZHmdI8 AI2L4CvH5xLwrZvQfNR/JwEr2TiC6WNkV96vGJcS10V7qPezRJWBTS6W/R26D9Wo IkjP6XWxBUti9wUZ5Ij4ozb/RPaRuAGjYl3Y56M2X0vcCqaRb76/3J3BsJi9xhe0 InutsymfIQRhRoHNQWApvhNqu0pvPjpoArtssjvanKP1U92+jEp5SO3VoRHKm3Bk 231kkQHF2G5wfIQoyaivZO6dWW0eelJyHKennFIG9kbTYdtq1DkqxwJElRqLEmEP eDhYjjUM1yo= =/Xwd - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXbjXdmaOgq3Tt24GAQgJeA//VUQH4QYUCrzPvVM5rQM3HoJICUdV7JlX bi7y1FovK7AaPRY1aKaEjVyiscYq0/+cOPgKWmKutFoloSaz89uBvFvPB7AU1Kkq cv4afk1eFN2Ilh5i13O0YdAfGNRcb3Q2pSl71Pp4vZuc47C8Txr+jY8iaBAljKEr agxpuNQavcTiDfJVSrt7uX7kj7QeLeamkoiDhBSVLwB7MurJ2V57e4px5IjkYdrL dGGtncXz0bwX3Unx2AiXaF/CSu18y3Uqiax7M3Q3SQ5N3p83mO38EwL5y8UPKe4s DPINFi12i+4EnxCqVmAK+9IAglc9ikmUNoP1g/b9FT/iwaWn+R+MNUeGCWUjHWWu plliy9/PhoKZOqSnWWjwJ+VwlKHE7fmypvpoCI3Kfoc/aZIJqfyAZPO6MLLf0GAI EegjeyzDwJDgve6pz364Km4FMDPoZ0HnDtEUcoMg4He27bOlXEl+XTmwwq7KNud6 I4WWtB07SqIYmfeYjIXONG7Z1RQQj0zq8k6U3f6JgdaMVCVieQjq7wAOZjkI0bWU /PUM4J/H2H7lZK4lcJ2/1YOX8WaHN5Eibtx4yD3SSijxPtOKPYcF/GfEgmOb9Ahy GWeUvnQvkgez/LvLF5sFjRl6wSHpdWMthJyXePv+lto7b7mpDOJbMz5oPioU7zAe DF8PLnf5WKg= =or2B -----END PGP SIGNATURE-----