—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2018:3803-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3803
Issue date: 2018-12-10
CVE Names: CVE-2018-17480 CVE-2018-17481 CVE-2018-18335
CVE-2018-18336 CVE-2018-18337 CVE-2018-18338
CVE-2018-18339 CVE-2018-18340 CVE-2018-18341
CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
CVE-2018-18345 CVE-2018-18346 CVE-2018-18347
CVE-2018-18348 CVE-2018-18349 CVE-2018-18350
CVE-2018-18351 CVE-2018-18352 CVE-2018-18353
CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) – i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) – i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) – i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 71.0.3578.80.

Security Fix(es):

* chromium-browser: Out of bounds write in V8 (CVE-2018-17480)

* chromium-browser: Use after frees in PDFium (CVE-2018-17481)

* chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335)

* chromium-browser: Use after free in PDFium (CVE-2018-18336)

* chromium-browser: Use after free in Blink (CVE-2018-18337)

* chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338)

* chromium-browser: Use after free in WebAudio (CVE-2018-18339)

* chromium-browser: Use after free in MediaRecorder (CVE-2018-18340)

* chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341)

* chromium-browser: Out of bounds write in V8 (CVE-2018-18342)

* chromium-browser: Use after free in Skia (CVE-2018-18343)

* chromium-browser: Inappropriate implementation in Extensions
(CVE-2018-18344)

* chromium-browser: Inappropriate implementation in Site Isolation
(CVE-2018-18345)

* chromium-browser: Incorrect security UI in Blink (CVE-2018-18346)

* chromium-browser: Inappropriate implementation in Navigation
(CVE-2018-18347)

* chromium-browser: Inappropriate implementation in Omnibox
(CVE-2018-18348)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2018-18349)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2018-18350)

* chromium-browser: Insufficient policy enforcement in Navigation
(CVE-2018-18351)

* chromium-browser: Inappropriate implementation in Media (CVE-2018-18352)

* chromium-browser: Inappropriate implementation in Network Authentication
(CVE-2018-18353)

* chromium-browser: Insufficient data validation in Shell Integration
(CVE-2018-18354)

* chromium-browser: Insufficient policy enforcement in URL Formatter
(CVE-2018-18355)

* chromium-browser: Use after free in Skia (CVE-2018-18356)

* chromium-browser: Insufficient policy enforcement in URL Formatter
(CVE-2018-18357)

* chromium-browser: Insufficient policy enforcement in Proxy
(CVE-2018-18358)

* chromium-browser: Out of bounds read in V8 (CVE-2018-18359)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1656547 – CVE-2018-17480 chromium-browser: Out of bounds write in V8
1656548 – CVE-2018-17481 chromium-browser: Use after frees in PDFium
1656549 – CVE-2018-18335 chromium-browser: Heap buffer overflow in Skia
1656550 – CVE-2018-18336 chromium-browser: Use after free in PDFium
1656551 – CVE-2018-18337 chromium-browser: Use after free in Blink
1656552 – CVE-2018-18338 chromium-browser: Heap buffer overflow in Canvas
1656553 – CVE-2018-18339 chromium-browser: Use after free in WebAudio
1656554 – CVE-2018-18340 chromium-browser: Use after free in MediaRecorder
1656555 – CVE-2018-18341 chromium-browser: Heap buffer overflow in Blink
1656556 – CVE-2018-18342 chromium-browser: Out of bounds write in V8
1656557 – CVE-2018-18343 chromium-browser: Use after free in Skia
1656558 – CVE-2018-18344 chromium-browser: Inappropriate implementation in Extensions
1656559 – CVE-2018-18345 chromium-browser: Inappropriate implementation in Site Isolation
1656560 – CVE-2018-18346 chromium-browser: Incorrect security UI in Blink
1656561 – CVE-2018-18347 chromium-browser: Inappropriate implementation in Navigation
1656562 – CVE-2018-18348 chromium-browser: Inappropriate implementation in Omnibox
1656563 – CVE-2018-18349 chromium-browser: Insufficient policy enforcement in Blink
1656564 – CVE-2018-18350 chromium-browser: Insufficient policy enforcement in Blink
1656565 – CVE-2018-18351 chromium-browser: Insufficient policy enforcement in Navigation
1656566 – CVE-2018-18352 chromium-browser: Inappropriate implementation in Media
1656567 – CVE-2018-18353 chromium-browser: Inappropriate implementation in Network Authentication
1656568 – CVE-2018-18354 chromium-browser: Insufficient data validation in Shell Integration
1656569 – CVE-2018-18355 chromium-browser: Insufficient policy enforcement in URL Formatter
1656570 – CVE-2018-18356 chromium-browser: Use after free in Skia
1656571 – CVE-2018-18357 chromium-browser: Insufficient policy enforcement in URL Formatter
1656572 – CVE-2018-18358 chromium-browser: Insufficient policy enforcement in Proxy
1656573 – CVE-2018-18359 chromium-browser: Out of bounds read in V8

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-71.0.3578.80-1.el6_10.i686.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm

x86_64:
chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-71.0.3578.80-1.el6_10.i686.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm

x86_64:
chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-71.0.3578.80-1.el6_10.i686.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm

x86_64:
chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-17480
https://access.redhat.com/security/cve/CVE-2018-17481
https://access.redhat.com/security/cve/CVE-2018-18335
https://access.redhat.com/security/cve/CVE-2018-18336
https://access.redhat.com/security/cve/CVE-2018-18337
https://access.redhat.com/security/cve/CVE-2018-18338
https://access.redhat.com/security/cve/CVE-2018-18339
https://access.redhat.com/security/cve/CVE-2018-18340
https://access.redhat.com/security/cve/CVE-2018-18341
https://access.redhat.com/security/cve/CVE-2018-18342
https://access.redhat.com/security/cve/CVE-2018-18343
https://access.redhat.com/security/cve/CVE-2018-18344
https://access.redhat.com/security/cve/CVE-2018-18345
https://access.redhat.com/security/cve/CVE-2018-18346
https://access.redhat.com/security/cve/CVE-2018-18347
https://access.redhat.com/security/cve/CVE-2018-18348
https://access.redhat.com/security/cve/CVE-2018-18349
https://access.redhat.com/security/cve/CVE-2018-18350
https://access.redhat.com/security/cve/CVE-2018-18351
https://access.redhat.com/security/cve/CVE-2018-18352
https://access.redhat.com/security/cve/CVE-2018-18353
https://access.redhat.com/security/cve/CVE-2018-18354
https://access.redhat.com/security/cve/CVE-2018-18355
https://access.redhat.com/security/cve/CVE-2018-18356
https://access.redhat.com/security/cve/CVE-2018-18357
https://access.redhat.com/security/cve/CVE-2018-18358
https://access.redhat.com/security/cve/CVE-2018-18359
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXA5BNNzjgjWX9erEAQh/Fw//TEntr04gMHeaG3/xXF+Vu2/oeS7VPgbQ
wsha4l3J02PYKvX33BHjT4DQyl5w7oJw8/H/allS+W5WkA4sEsAKa6lfk0vUMA3H
e8as9p2C08BTadek8CGX7aFX+jaieGdeHQ1pByxLCHCrwxbt5U8c0uxw8pRRTSMG
0zTzyf+dr8Nc2lOB0nyhuBZVUZVWQadx/N//iTST2lcLQMFY7T2EpEqQhpNnuUMf
OI7zuFOzR2+w0JodqI1Opp9owt8v6/Kh9IVklT+07sgbedo0zf+1gfpcZB/2kNT3
wZskNmxJIObVpZRer5H12ShsV3JawCB76R+GI3XHf5xAOKt/MWXqAr4/1cOLIFAf
bwirEIf+VnR8VSAfWaU9WeiL5anC6oFVdUKevWnaRlUuM4a4UZBSkE8HgIKSJIK0
fHbOCufLW4TPgzW0Qo/Vj5DUlZ3YPD5hDOEE16lN/FG4lC0TwtfZKNLcQ4t57B+H
EVr4tZjGjBKuNxfybKdze3BGsnRKqid53UiV0Ai206JEwvgL2EHY854DEvzAupNg
qKmwTsuKL+hoo2Z5STr0hsxDktgB5wJoWAYcQxFVdX+e8jFw3bvOZ22eL9BGTR/M
e3M2coCgwYvWUHAJsnyv+LM1k8ilft9bmd0KKx0TQTt13uxojJiiAZ0/2Aa/Ynon
ovG4ScvDFvE=
=j8z4
—–END PGP SIGNATURE—–

—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce