RedHat: RHSA-2018-1815:01 Important: chromium-browser security update
Summary
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 67.0.3396.62.
Security Fix(es):
* chromium-browser: Use after free in Blink (CVE-2018-6123)
* chromium-browser: Type confusion in Blink (CVE-2018-6124)
* chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)
* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)
* chromium-browser: Use after free in indexedDB (CVE-2018-6127)
* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6129)
* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6130)
* chromium-browser: Incorrect mutability protection in WebAssembly
(CVE-2018-6131)
* chromium-browser: Use of uninitialized memory in WebRTC (CVE-2018-6132)
* chromium-browser: URL spoof in Omnibox (CVE-2018-6133)
* chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)
* chromium-browser: UI spoofing in Blink (CVE-2018-6135)
* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)
* chromium-browser: Leak of visited status of page in Blink (CVE-2018-6137)
* chromium-browser: Overly permissive policy in Extensions (CVE-2018-6138)
* chromium-browser: Restrictions bypass in the debugger extension API
(CVE-2018-6139)
* chromium-browser: Restrictions bypass in the debugger extension API
(CVE-2018-6140)
* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)
* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)
* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)
* chromium-browser: Out of bounds memory access in PDFium (CVE-2018-6144)
* chromium-browser: Incorrect escaping of MathML in Blink (CVE-2018-6145)
* chromium-browser: Password fields not taking advantage of OS protections
in Views (CVE-2018-6147)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
References
https://access.redhat.com/security/cve/CVE-2018-6123
https://access.redhat.com/security/cve/CVE-2018-6124
https://access.redhat.com/security/cve/CVE-2018-6125
https://access.redhat.com/security/cve/CVE-2018-6126
https://access.redhat.com/security/cve/CVE-2018-6127
https://access.redhat.com/security/cve/CVE-2018-6129
https://access.redhat.com/security/cve/CVE-2018-6130
https://access.redhat.com/security/cve/CVE-2018-6131
https://access.redhat.com/security/cve/CVE-2018-6132
https://access.redhat.com/security/cve/CVE-2018-6133
https://access.redhat.com/security/cve/CVE-2018-6134
https://access.redhat.com/security/cve/CVE-2018-6135
https://access.redhat.com/security/cve/CVE-2018-6136
https://access.redhat.com/security/cve/CVE-2018-6137
https://access.redhat.com/security/cve/CVE-2018-6138
https://access.redhat.com/security/cve/CVE-2018-6139
https://access.redhat.com/security/cve/CVE-2018-6140
https://access.redhat.com/security/cve/CVE-2018-6141
https://access.redhat.com/security/cve/CVE-2018-6142
https://access.redhat.com/security/cve/CVE-2018-6143
https://access.redhat.com/security/cve/CVE-2018-6144
https://access.redhat.com/security/cve/CVE-2018-6145
https://access.redhat.com/security/cve/CVE-2018-6147
https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm
x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm
x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-67.0.3396.62-2.el6_9.i686.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.i686.rpm
x86_64:
chromium-browser-67.0.3396.62-2.el6_9.x86_64.rpm
chromium-browser-debuginfo-67.0.3396.62-2.el6_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant Releases/Architectures
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
Bugs Fixed
1584032 - CVE-2018-6123 chromium-browser: Use after free in Blink
1584033 - CVE-2018-6124 chromium-browser: Type confusion in Blink
1584034 - CVE-2018-6125 chromium-browser: Overly permissive policy in WebUSB
1584035 - CVE-2018-6126 chromium-browser: Heap buffer overflow in Skia
1584037 - CVE-2018-6127 chromium-browser: Use after free in indexedDB
1584039 - CVE-2018-6129 chromium-browser: Out of bounds memory access in WebRTC
1584040 - CVE-2018-6130 chromium-browser: Out of bounds memory access in WebRTC
1584042 - CVE-2018-6131 chromium-browser: Incorrect mutability protection in WebAssembly
1584043 - CVE-2018-6132 chromium-browser: Use of uninitialized memory in WebRTC
1584044 - CVE-2018-6133 chromium-browser: URL spoof in Omnibox
1584045 - CVE-2018-6134 chromium-browser: Referrer Policy bypass in Blink
1584046 - CVE-2018-6135 chromium-browser: UI spoofing in Blink
1584047 - CVE-2018-6136 chromium-browser: Out of bounds memory access in V8
1584048 - CVE-2018-6137 chromium-browser: Leak of visited status of page in Blink
1584049 - CVE-2018-6138 chromium-browser: Overly permissive policy in Extensions
1584050 - CVE-2018-6139 chromium-browser: Restrictions bypass in the debugger extension API
1584051 - CVE-2018-6140 chromium-browser: Restrictions bypass in the debugger extension API
1584052 - CVE-2018-6141 chromium-browser: Heap buffer overflow in Skia
1584054 - CVE-2018-6142 chromium-browser: Out of bounds memory access in V8
1584055 - CVE-2018-6143 chromium-browser: Out of bounds memory access in V8
1584056 - CVE-2018-6144 chromium-browser: Out of bounds memory access in PDFium
1584057 - CVE-2018-6145 chromium-browser: Incorrect escaping of MathML in Blink
1584058 - CVE-2018-6147 chromium-browser: Password fields not taking advantage of OS protections in Views