drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in chromium-browser
Name: |
Mehrere Probleme in chromium-browser |
|
ID: |
RHSA-2018:3004-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux Supplementary |
|
Datum: |
Do, 25. Oktober 2018, 07:02 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2018-17473
https://access.redhat.com/security/cve/CVE-2018-17467
https://access.redhat.com/security/cve/CVE-2018-17471
https://access.redhat.com/security/cve/CVE-2018-17475
https://access.redhat.com/security/cve/CVE-2018-5179
https://access.redhat.com/security/cve/CVE-2018-17477
https://access.redhat.com/security/cve/CVE-2018-17470
https://access.redhat.com/security/cve/CVE-2018-17474
https://access.redhat.com/security/cve/CVE-2018-17463
https://access.redhat.com/security/cve/CVE-2018-17465
https://access.redhat.com/security/cve/CVE-2018-17464
https://access.redhat.com/security/cve/CVE-2018-17468
https://access.redhat.com/security/cve/CVE-2018-17476
https://access.redhat.com/security/cve/CVE-2018-17469
https://access.redhat.com/security/cve/CVE-2018-17462
https://access.redhat.com/security/cve/CVE-2018-17466
https://access.redhat.com/security/cve/CVE-2018-16435 |
|
Applikationen: |
Chromium |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2018:3004-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:3004 Issue date: 2018-10-24 CVE Names: CVE-2018-5179 CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 =====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 70.0.3538.67.
Security Fix(es):
* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)
* chromium-browser: Remote code execution in V8 (CVE-2018-17463)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)
* chromium-browser: Use after free in V8 (CVE-2018-17465)
* chromium-browser: Memory corruption in Angle (CVE-2018-17466)
* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)
* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)
* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)
* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)
* chromium-browser: Use after free in Blink (CVE-2018-17474)
* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)
* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)
* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)
* chromium-browser: UI spoof in Extensions (CVE-2018-17477)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1628969 - CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow 1640098 - CVE-2018-17462 chromium-browser: Sandbox escape in AppCache 1640099 - CVE-2018-17463 chromium-browser: Remote code execution in V8 1640100 - CVE-2018-17464 chromium-browser: URL spoof in Omnibox 1640101 - CVE-2018-17465 chromium-browser: Use after free in V8 1640102 - CVE-2018-17466 chromium-browser: Memory corruption in Angle 1640103 - CVE-2018-17467 chromium-browser: URL spoof in Omnibox 1640104 - CVE-2018-17468 chromium-browser: Cross-origin URL disclosure in Blink 1640105 - CVE-2018-17469 chromium-browser: Heap buffer overflow in PDFium 1640106 - CVE-2018-17470 chromium-browser: Memory corruption in GPU Internals 1640107 - CVE-2018-17471 chromium-browser: Security UI occlusion in full screen mode 1640110 - CVE-2018-17473 chromium-browser: URL spoof in Omnibox 1640111 - CVE-2018-17474 chromium-browser: Use after free in Blink 1640112 - CVE-2018-17475 chromium-browser: URL spoof in Omnibox 1640113 - CVE-2018-17476 chromium-browser: Security UI occlusion in full screen mode 1640114 - CVE-2018-5179 chromium-browser: Lack of limits on update() in ServiceWorker 1640115 - CVE-2018-17477 chromium-browser: UI spoof in Extensions
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-70.0.3538.67-1.el6_10.i686.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64: chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-70.0.3538.67-1.el6_10.i686.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64: chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-70.0.3538.67-1.el6_10.i686.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm
x86_64: chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-5179 https://access.redhat.com/security/cve/CVE-2018-16435 https://access.redhat.com/security/cve/CVE-2018-17462 https://access.redhat.com/security/cve/CVE-2018-17463 https://access.redhat.com/security/cve/CVE-2018-17464 https://access.redhat.com/security/cve/CVE-2018-17465 https://access.redhat.com/security/cve/CVE-2018-17466 https://access.redhat.com/security/cve/CVE-2018-17467 https://access.redhat.com/security/cve/CVE-2018-17468 https://access.redhat.com/security/cve/CVE-2018-17469 https://access.redhat.com/security/cve/CVE-2018-17470 https://access.redhat.com/security/cve/CVE-2018-17471 https://access.redhat.com/security/cve/CVE-2018-17473 https://access.redhat.com/security/cve/CVE-2018-17474 https://access.redhat.com/security/cve/CVE-2018-17475 https://access.redhat.com/security/cve/CVE-2018-17476 https://access.redhat.com/security/cve/CVE-2018-17477 https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW9DtKdzjgjWX9erEAQgCxRAAowiTvmxP7iUmw/4GyB2N0VC2zQYGzxe+ mlEHS4Idc5zO0tx1IxtMUlhPOmpbxxPmi5v5vEf3kZcgJNir93x6CXUa5dz/VabD c+abLDqy+oyhNfpO/J2NYoXcG7lhxGvSJ4gYZXJGXpR0B0mfk8Jyq1na8C0aQDX4 9KIYcZV2w/gXTRp6rd9KNSVMqV12nWi14RiBnd9jk5HnE9EszG5QDVZNKIZt4IrC T5WdT6+jtHLbaJANnQPLiAtcAgGKhiNlMuBEKyXMjoiPcAQ8Wy72sYo08hZvnjpY tOWfesqAfL86MQuk4OQ0eGmEPP8A8G16lNac9lnxqY9EAY2883CbpJ/V8Zp2A2uI zxg+1xbk+NSjgb4ED54+j3y/EiaVwAL356jncnfwnef6c6+ul3Mc8q/uPdNqCqtj 1BNR7R55y9P+kwGZqToxwNc2JzVMVZWLYgC1akUpAYMQkPCpF5Y62pjY9GFV9ock rY7KQFH2bhvMu7AlU9aTPSPwYykQdYD9vtsoEA9kzYAAEdpY6ff5d8qj6PHZaTqF aM4vO0U1ywpdtjWOTX+yTCgxqwO1xedHy9qICC1xvaMqknSbel9TZrIVmcNW8QSG l6sfCMeJhLqF90gHp3bypWlO757ZSGaSqS6lWv8HiNa4wzRLdswIkO71f9j10JDo pzUdYKw9eDY= =8fd6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|