You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa chromium-browser

Sigurnosni nedostaci programskog paketa chromium-browser

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2019:3775-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3775
Issue date: 2019-11-07
CVE Names: CVE-2019-13720 CVE-2019-13721
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) – i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) – i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 78.0.3904.87.

Security Fix(es):

* chromium-browser: use-after-free in audio (CVE-2019-13720)

* chromium-browser: use-after-free in PDFium (CVE-2019-13721)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1768578 – CVE-2019-13721 chromium-browser: use-after-free in PDFium
1768586 – CVE-2019-13720 chromium-browser: use-after-free in audio

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

i686:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-78.0.3904.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-78.0.3904.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

i686:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-78.0.3904.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

i686:
chromium-browser-78.0.3904.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-78.0.3904.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-78.0.3904.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-13720
https://access.redhat.com/security/cve/CVE-2019-13721
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXcPDjNzjgjWX9erEAQgq8w//UoRrzXHQ0Zbtpj722feJSa9LXed76o2Z
pHXEyfwHLRl3oufHm07vAdPFHkr32NXXbJUna9Y/GoktIXU+GpiUWy2L3mtBfO4Z
9Z0DFDL5RZLPULxJAzs7TC56QfA9hpZGh/E+EcHcC9AxK7p24QhmI+bBnlFzwgWh
eHqR6gletXs5DngvVRt7i3GPZ3jLueFVgc2yIZ/62VmoePhJKTguEaDWeLxX26+d
/Q1Y2PMpGSn2nt9s1owuGHfxcXuYc/EkEatyLiYJ1q8xXw9wfGaNX0DnbLpc00+t
0RzzJMCzMBVrgk2yPx6QXt5pQc1KVFG2RhX/3vgQPdLrMpmcclE0TJulN+kD5s3r
Ocl25SPmXN0gjFHM7vW+paTtU60Kea/06qDsd+M6R4yPxhYrJsqoC6qj5T4jdmxO
Aryxu+tFIUSTI1iKLqV3NvD3C5QXp0iXiaSBKnZ5T4ZrNJbYi4P4oyeO/7LpBfdD
MFKxakDcEkhSNiMJc1aENaJJyMja6yLI5Zeu1p0IHMknJTpzaNGig9HsrwsUVWTj
HtjQ5jikEbgYBn5jWIdFFY2Jzf0XH9csuQSz03qHa2/+olvuOIxPO9zhTQJZ+MCl
bC+VTHEAs4zbM3ul5jiIJ62p7y5YMcQSMJU5tXwv+Zmi9CyHj8olvpKngF1t2VhT
+pE/AZGOo4Q=
=/Z+w
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libssh2

Otkriven je sigurnosni nedostatak programske biblioteke libssh2 za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close