Operating System:

[RedHat]

Published:

18 February 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0537
                     chromium-browser security update
                             18 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6417 CVE-2020-6416 CVE-2020-6415
                   CVE-2020-6414 CVE-2020-6413 CVE-2020-6412
                   CVE-2020-6411 CVE-2020-6410 CVE-2020-6409
                   CVE-2020-6408 CVE-2020-6406 CVE-2020-6405
                   CVE-2020-6404 CVE-2020-6403 CVE-2020-6402
                   CVE-2020-6401 CVE-2020-6400 CVE-2020-6399
                   CVE-2020-6398 CVE-2020-6397 CVE-2020-6396
                   CVE-2020-6395 CVE-2020-6394 CVE-2020-6393
                   CVE-2020-6392 CVE-2020-6391 CVE-2020-6390
                   CVE-2020-6389 CVE-2020-6388 CVE-2020-6387
                   CVE-2020-6385 CVE-2020-6382 CVE-2020-6381
                   CVE-2019-19926 CVE-2019-19925 CVE-2019-19923
                   CVE-2019-19880 CVE-2019-18197 

Reference:         ASB-2020.0034
                   ESB-2019.3966
                   ESB-2019.3929

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:0514

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2020:0514-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0514
Issue date:        2020-02-17
CVE Names:         CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 
                   CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 
                   CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 
                   CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 
                   CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 
                   CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 
                   CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 
                   CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 
                   CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 
                   CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 
                   CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 
                   CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 
                   CVE-2020-6416 CVE-2020-6417 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 80.0.3987.87.

Security Fix(es):

* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

* chromium-browser: Insufficient policy enforcement in storage
(CVE-2020-6385)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)

* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)

* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)

* sqlite: invalid pointer dereference in exprListAppendList in window.c
(CVE-2019-19880)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
(CVE-2019-19923)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
during an update of a ZIP archive (CVE-2019-19925)

* sqlite: error mishandling because of incomplete fix of CVE-2019-19880
(CVE-2019-19926)

* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2020-6391)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-6392)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6393)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6394)

* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

* chromium-browser: Insufficient policy enforcement in AppCache
(CVE-2020-6399)

* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6401)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6402)

* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* chromium-browser: Use after free in audio (CVE-2020-6406)

* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

* chromium-browser: Insufficient policy enforcement in navigation
(CVE-2020-6410)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6411)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6412)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)

* chromium-browser: Insufficient policy enforcement in Safe Browsing
(CVE-2020-6414)

* chromium-browser: Inappropriate implementation in JavaScript
(CVE-2020-6415)

* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

* chromium-browser: Inappropriate implementation in installer
(CVE-2020-6417)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19880
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19926
https://access.redhat.com/security/cve/CVE-2020-6381
https://access.redhat.com/security/cve/CVE-2020-6382
https://access.redhat.com/security/cve/CVE-2020-6385
https://access.redhat.com/security/cve/CVE-2020-6387
https://access.redhat.com/security/cve/CVE-2020-6388
https://access.redhat.com/security/cve/CVE-2020-6389
https://access.redhat.com/security/cve/CVE-2020-6390
https://access.redhat.com/security/cve/CVE-2020-6391
https://access.redhat.com/security/cve/CVE-2020-6392
https://access.redhat.com/security/cve/CVE-2020-6393
https://access.redhat.com/security/cve/CVE-2020-6394
https://access.redhat.com/security/cve/CVE-2020-6395
https://access.redhat.com/security/cve/CVE-2020-6396
https://access.redhat.com/security/cve/CVE-2020-6397
https://access.redhat.com/security/cve/CVE-2020-6398
https://access.redhat.com/security/cve/CVE-2020-6399
https://access.redhat.com/security/cve/CVE-2020-6400
https://access.redhat.com/security/cve/CVE-2020-6401
https://access.redhat.com/security/cve/CVE-2020-6402
https://access.redhat.com/security/cve/CVE-2020-6403
https://access.redhat.com/security/cve/CVE-2020-6404
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-6406
https://access.redhat.com/security/cve/CVE-2020-6408
https://access.redhat.com/security/cve/CVE-2020-6409
https://access.redhat.com/security/cve/CVE-2020-6410
https://access.redhat.com/security/cve/CVE-2020-6411
https://access.redhat.com/security/cve/CVE-2020-6412
https://access.redhat.com/security/cve/CVE-2020-6413
https://access.redhat.com/security/cve/CVE-2020-6414
https://access.redhat.com/security/cve/CVE-2020-6415
https://access.redhat.com/security/cve/CVE-2020-6416
https://access.redhat.com/security/cve/CVE-2020-6417
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z
S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7
xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH
2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6
gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi
KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd
46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3
IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u
V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG
FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP
vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT
NsxBlW4nT+g=
=xupY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXks1z2aOgq3Tt24GAQjR3RAA2fXu7pCj4KpzgS9MfREZJS6b6VOBxP9R
uSP1A/DvYtX6E4jZRbKsm/hJKBo1ED4VAwtiGBpXsr7ZvXElaCGrLoMB9KJ3FpQ7
guVpm6JPNUQsIR+kY16z5ubWTVD6vy3NGnPJt2Vj9+1Kwyg0/kj1FK3Pc/aLvkpP
cPsBRhdR9D8KQuUpTmN9EfGhITQwxiqpJepVopEI2FzO6A4IfNRH7FqGguBF9N6g
apLkBtBE+ldrTF9e4Bq7dxUlpBhH2T+1HLBs9gi+imKqNl8pUoduo4xLGUErbYZX
qyvt8gPZfnj39aZ2SUpNJUvFw38na6knUCZ02r23ptdoH17FvfNiq79AlI1B7aP+
d1ZbmwNy+ljA/rdr0Tg44cNVCLWgwAU6Zoy4/nJ9R6PWtSS/wMjq6sRDNh94XtHb
BMsM4Thl+bwDiODxf3mrE3RiC0YW2Xt4oQLVN2ValOyKmhf5z/NkjN1w6PmRLECe
mL9Ap/87Iq6Mm3TAu2/KlgGKr2+L4ttin4DhBEidmTEOSr4YLWVBQY8wSfVPo9rA
gGQ8F3r7/hR8oPTZz7e8897UUXPSo+5ETlJC/cAOBiplT3Ubg89rvsEN2cJi7jgA
Bo4dvtTEz83UiljflFkrCnstmYHAM0vy5FrHuRyviySi1a7LigVkUXSXOZgo4qju
dUWpUOessRw=
=rtWI
-----END PGP SIGNATURE-----