You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa chromium-browser

Sigurnosni nedostatak programskog paketa chromium-browser

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2019:0481-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0481
Issue date: 2019-03-11
CVE Names: CVE-2019-5786
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) – i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) – i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) – i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 72.0.3626.121.

Security Fix(es):

* chromium-browser: Use-after-free in FileReader (CVE-2019-5786)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1685162 – CVE-2019-5786 chromium-browser: Use-after-free in FileReader

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

i686:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.121-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.121-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

i686:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.121-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

i686:
chromium-browser-72.0.3626.121-1.el6_10.i686.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.i686.rpm

x86_64:
chromium-browser-72.0.3626.121-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-72.0.3626.121-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5786
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXIbON9zjgjWX9erEAQg6WQ/8D7JPr+NKlPcHyrzzURm8Ky1u7DdQVOo4
WJzE7I2dUzDs5sbPPtKGwEFWO15M39T8yUDq04WIpI1GjNjJOaHV12yUMxy8TPWS
fubj3nxO0CkyDfdMMVGN38KqaTaVmrB8FOKKn1GpfbFORk5UpkLlN1f1zCmnv0qX
tY5G2kefLiM4WQRqfI5wkS9GBikgSQQA49SSUd3EJiy/l/56PYb1/dc+pP8+TnMr
yefN7oJoomU3JFNKOa3/RmpQNyvqu3cO5MTuuYL+6eegBhEIvPDOTNg7m1WxGQdi
Z7l1Wbxt6RwosvUL15m26xVXfE/UBVR2vpSNcgaCewFFaA7oYqBSlgfHNZK0Srxp
hBuzzuhkpXfES5iBNaIm16bQ+s9FoQ/b5baReJ/mDS9RApizOQ1i81GMwDgyLnk4
FSH5YdB0mOGbGCY2s3mb5LkzGlp8ocipJpufMt8PcU+fSrktHciqEZiH3BPaEQA3
nsceTFP3G0Cokp1bMMZOmQuQ28BIRIDPbs9MZ4iHUIVmdwMut9ebIVsOfdBiG3Za
AHgd2/W1HKixLz5OHak179kFgsLb3+cstzp1UVh6E0wjNcisrmJuAvZSPGVWSmQ6
2yttQEhgGIlxTq6FP9oqvmaibYtcKG4giMJBWBhMuGqpb7blfFW+Dox+EAuFpTjF
JZp769bAFNM=
=uY9q
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci jezgre operativnog sustava

Otkriveni su sigurnosni nedostaci jezgre operativnog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili stjecanje uvećanih ovlasti....

Close