Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2743
chromium-browser security update
11 August 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: chromium-browser
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-6541 CVE-2020-6540 CVE-2020-6539
CVE-2020-6538 CVE-2020-6537 CVE-2020-6536
CVE-2020-6535 CVE-2020-6534 CVE-2020-6533
CVE-2020-6532 CVE-2020-6531 CVE-2020-6530
CVE-2020-6529 CVE-2020-6528 CVE-2020-6527
CVE-2020-6526 CVE-2020-6525 CVE-2020-6524
CVE-2020-6523 CVE-2020-6522 CVE-2020-6521
CVE-2020-6520 CVE-2020-6519 CVE-2020-6518
CVE-2020-6517 CVE-2020-6516 CVE-2020-6515
CVE-2020-6514 CVE-2020-6513 CVE-2020-6512
CVE-2020-6511 CVE-2020-6510
Reference: ESB-2020.2605
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:3377
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2020:3377-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3377
Issue date: 2020-08-10
CVE Names: CVE-2020-6510 CVE-2020-6511 CVE-2020-6512
CVE-2020-6513 CVE-2020-6514 CVE-2020-6515
CVE-2020-6516 CVE-2020-6517 CVE-2020-6518
CVE-2020-6519 CVE-2020-6520 CVE-2020-6521
CVE-2020-6522 CVE-2020-6523 CVE-2020-6524
CVE-2020-6525 CVE-2020-6526 CVE-2020-6527
CVE-2020-6528 CVE-2020-6529 CVE-2020-6530
CVE-2020-6531 CVE-2020-6532 CVE-2020-6533
CVE-2020-6534 CVE-2020-6535 CVE-2020-6536
CVE-2020-6537 CVE-2020-6538 CVE-2020-6539
CVE-2020-6540 CVE-2020-6541
=====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 84.0.4147.105.
Security Fix(es):
* chromium-browser: Heap buffer overflow in background fetch
(CVE-2020-6510)
* chromium-browser: Side-channel information leakage in content security
policy (CVE-2020-6511)
* chromium-browser: Type Confusion in V8 (CVE-2020-6512)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2020-6513)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* chromium-browser: Use after free in tab strip (CVE-2020-6515)
* chromium-browser: Policy bypass in CORS (CVE-2020-6516)
* chromium-browser: Heap buffer overflow in history (CVE-2020-6517)
* chromium-browser: Use after free in SCTP (CVE-2020-6532)
* chromium-browser: Type Confusion in V8 (CVE-2020-6537)
* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6538)
* chromium-browser: Use after free in CSS (CVE-2020-6539)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6540)
* chromium-browser: Use after free in WebUSB (CVE-2020-6541)
* chromium-browser: Use after free in developer tools (CVE-2020-6518)
* chromium-browser: Policy bypass in CSP (CVE-2020-6519)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6520)
* chromium-browser: Side-channel information leakage in autofill
(CVE-2020-6521)
* chromium-browser: Inappropriate implementation in external protocol
handlers (CVE-2020-6522)
* chromium-browser: Out of bounds write in Skia (CVE-2020-6523)
* chromium-browser: Heap buffer overflow in WebAudio (CVE-2020-6524)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6525)
* chromium-browser: Inappropriate implementation in iframe sandbox
(CVE-2020-6526)
* chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6527)
* chromium-browser: Incorrect security UI in basic auth (CVE-2020-6528)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6529)
* chromium-browser: Out of bounds memory access in developer tools
(CVE-2020-6530)
* chromium-browser: Side-channel information leakage in scroll to text
(CVE-2020-6531)
* chromium-browser: Type Confusion in V8 (CVE-2020-6533)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2020-6534)
* chromium-browser: Insufficient data validation in WebUI (CVE-2020-6535)
* chromium-browser: Incorrect security UI in PWAs (CVE-2020-6536)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1857320 - CVE-2020-6511 chromium-browser: Side-channel information leakage in content security policy
1857321 - CVE-2020-6512 chromium-browser: Type Confusion in V8
1857322 - CVE-2020-6513 chromium-browser: Heap buffer overflow in PDFium
1857323 - CVE-2020-6515 chromium-browser: Use after free in tab strip
1857324 - CVE-2020-6516 chromium-browser: Policy bypass in CORS
1857325 - CVE-2020-6518 chromium-browser: Use after free in developer tools
1857326 - CVE-2020-6519 chromium-browser: Policy bypass in CSP
1857327 - CVE-2020-6520 chromium-browser: Heap buffer overflow in Skia
1857328 - CVE-2020-6521 chromium-browser: Side-channel information leakage in autofill
1857329 - CVE-2020-6523 chromium-browser: Out of bounds write in Skia
1857330 - CVE-2020-6524 chromium-browser: Heap buffer overflow in WebAudio
1857331 - CVE-2020-6525 chromium-browser: Heap buffer overflow in Skia
1857332 - CVE-2020-6526 chromium-browser: Inappropriate implementation in iframe sandbox
1857333 - CVE-2020-6527 chromium-browser: Insufficient policy enforcement in CSP
1857334 - CVE-2020-6528 chromium-browser: Incorrect security UI in basic auth
1857336 - CVE-2020-6529 chromium-browser: Inappropriate implementation in WebRTC
1857337 - CVE-2020-6530 chromium-browser: Out of bounds memory access in developer tools
1857338 - CVE-2020-6531 chromium-browser: Side-channel information leakage in scroll to text
1857339 - CVE-2020-6533 chromium-browser: Type Confusion in V8
1857340 - CVE-2020-6534 chromium-browser: Heap buffer overflow in WebRTC
1857341 - CVE-2020-6535 chromium-browser: Insufficient data validation in WebUI
1857342 - CVE-2020-6536 chromium-browser: Incorrect security UI in PWAs
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1857351 - CVE-2020-6517 chromium-browser: Heap buffer overflow in history
1857352 - CVE-2020-6522 chromium-browser: Inappropriate implementation in external protocol handlers
1857400 - CVE-2020-6510 chromium-browser: Heap buffer overflow in background fetch
1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView
1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
i686:
chromium-browser-84.0.4147.105-2.el6_10.i686.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.i686.rpm
x86_64:
chromium-browser-84.0.4147.105-2.el6_10.x86_64.rpm
chromium-browser-debuginfo-84.0.4147.105-2.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6510
https://access.redhat.com/security/cve/CVE-2020-6511
https://access.redhat.com/security/cve/CVE-2020-6512
https://access.redhat.com/security/cve/CVE-2020-6513
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-6515
https://access.redhat.com/security/cve/CVE-2020-6516
https://access.redhat.com/security/cve/CVE-2020-6517
https://access.redhat.com/security/cve/CVE-2020-6518
https://access.redhat.com/security/cve/CVE-2020-6519
https://access.redhat.com/security/cve/CVE-2020-6520
https://access.redhat.com/security/cve/CVE-2020-6521
https://access.redhat.com/security/cve/CVE-2020-6522
https://access.redhat.com/security/cve/CVE-2020-6523
https://access.redhat.com/security/cve/CVE-2020-6524
https://access.redhat.com/security/cve/CVE-2020-6525
https://access.redhat.com/security/cve/CVE-2020-6526
https://access.redhat.com/security/cve/CVE-2020-6527
https://access.redhat.com/security/cve/CVE-2020-6528
https://access.redhat.com/security/cve/CVE-2020-6529
https://access.redhat.com/security/cve/CVE-2020-6530
https://access.redhat.com/security/cve/CVE-2020-6531
https://access.redhat.com/security/cve/CVE-2020-6532
https://access.redhat.com/security/cve/CVE-2020-6533
https://access.redhat.com/security/cve/CVE-2020-6534
https://access.redhat.com/security/cve/CVE-2020-6535
https://access.redhat.com/security/cve/CVE-2020-6536
https://access.redhat.com/security/cve/CVE-2020-6537
https://access.redhat.com/security/cve/CVE-2020-6538
https://access.redhat.com/security/cve/CVE-2020-6539
https://access.redhat.com/security/cve/CVE-2020-6540
https://access.redhat.com/security/cve/CVE-2020-6541
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXzDrltzjgjWX9erEAQjq4A/9F+d6YmvVus3nDkp0gDfuzIt7/Vxs8Fu6
6iMLBHeBDyeiCzQ6s/uhRMfhOV8PpzR0fx60X4wJQAnS71c/XdHN6EhP6ZMPYyRe
nO3rCiFx9EWNeQfkTXD5ngeGvcTjWPkhcH/Gm4C/BJ0HUmP8/FAwVSxHQ/cVah6h
4xfBf9NTRrt944tc+f/gScpuAk2JZMhGoc489tTkNXJ06wOQXPxypJV9GYiLNxoP
9dTv9xvvmTT0Pkct9L7aJyI6XWY2gr1gxfmxlZ0xZumlaOVi1Ug7JafhoKM6sNyV
PSV7Ic4hJTKRtmdO9BWh4ja8fgKAsm7pYsiSMB2hc62qfjyXT3ANKBU6ZXfkaFeo
5Z2xCnaCl2rTN6gExxTC7md2gpPIikpF9uu+7PWhzZEKTgxVdsM+n8Yb2o9/W5j0
r/ggx7pt5dG06gDBUmN1Y2iny9opdFHdxcYkZWSa1K9JuRNL/uhuLIc5pVtZ2BEW
/lwW7HXD1thdsCSueOiDHibf6RtDN0mieRFjfTJHA/wqb6pjfPJ+jk26nzsIVTbv
7JMiJYqYGxNORebhJ/425weveVaiBva8G6puY8hiNqnoe8AHCl7REg4/IpqWH88a
eSXQHDCZGNIc2h9VRhobbZ6AD/yAu9dy711Eel/JhwOzGBZmUxNdv4O/ur4PT9FX
BJye0FQqWD8=
=MNeg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXzHlYuNLKJtyKPYoAQjToQ/+OxwlsUag1Oyvsb9o4TUu+/+KPjxx5Dp2
k7R7T0cvj4Ewaa+kt/mlMp2M+1G91krFo1e6umXAWD/oB8Ad0h2srBhhGcBZU8gk
1/JnRWwXN22DipR0JMBfuY274JYGlWbxMKtg99SASjWNSZo26ThqM87pOCdbt1q/
P7O0oa1Iyybvl3kNXVtlAG7WiTepLvspy6w7h8eNBYTzBsjgUp4xgTiMkV1A352y
RJlUGu+0+Z5QxFqZGfRw0MHeZVHVN5DA41t9ughX0YDiNLGbJi1HrlsNEoxElWe6
nZrY+obbsW3mavBddUWH+KFN6FE+RJe/G+I51qQSV9MNfFY1vCKyBPfS899tpLXK
/FVkDbXMPUOKxM6r9J1/7nF8pFrcNxcZpYdn4vJesXqcHtEYqfQ1QoZQ3AyrSM+7
tI7o2r1U5ChJwF2HdAP6Fqt+bYl3Q0Hu2nSg5Cg6KHzBWuT4XlPpYxbsXNU63hEO
jy4AtDR0x3Cne+F06KG5iL573/sdnWyDgxMtSLAR3IvIL46WrLLFQ/bA108RVL4H
6kiiYjP/OyD9ukurCvmx2JFVzlEMFRq5Ios3nkdtG6qoV+YbDSXRqukfIeUMJ1WB
ryNw17ZPKjrpSJMwQMjVeqD7vV3P7m3SEwUDFhIqGuB6lrW+AvtH//tYfPoau6jb
/fQIzMkEnbA=
=7otc
-----END PGP SIGNATURE-----