drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in chromium-browser
Name: |
Mehrere Probleme in chromium-browser |
|
ID: |
RHSA-2018:3803-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux Supplementary |
|
Datum: |
Mo, 10. Dezember 2018, 20:11 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2018-18344
https://access.redhat.com/security/cve/CVE-2018-17481
https://access.redhat.com/security/cve/CVE-2018-18342
https://access.redhat.com/security/cve/CVE-2018-18340
https://access.redhat.com/security/cve/CVE-2018-18353
https://access.redhat.com/security/cve/CVE-2018-18359
https://access.redhat.com/security/cve/CVE-2018-18358
https://access.redhat.com/security/cve/CVE-2018-18356
https://access.redhat.com/security/cve/CVE-2018-18335
https://access.redhat.com/security/cve/CVE-2018-18346
https://access.redhat.com/security/cve/CVE-2018-18354
https://access.redhat.com/security/cve/CVE-2018-18351
https://access.redhat.com/security/cve/CVE-2018-18339
https://access.redhat.com/security/cve/CVE-2018-18343
https://access.redhat.com/security/cve/CVE-2018-18349
https://access.redhat.com/security/cve/CVE-2018-18338
https://access.redhat.com/security/cve/CVE-2018-18336
https://access.redhat.com/security/cve/CVE-2018-18347
https://access.redhat.com/security/cve/CVE-2018-18337
https://access.redhat.com/security/cve/CVE-2018-18355
https://access.redhat.com/security/cve/CVE-2018-18345
https://access.redhat.com/security/cve/CVE-2018-17480
https://access.redhat.com/security/cve/CVE-2018-18341
https://access.redhat.com/security/cve/CVE-2018-18350
https://access.redhat.com/security/cve/CVE-2018-18352
https://access.redhat.com/security/cve/CVE-2018-18348
https://access.redhat.com/security/cve/CVE-2018-18357 |
|
Applikationen: |
Chromium |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2018:3803-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:3803 Issue date: 2018-12-10 CVE Names: CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 =====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 71.0.3578.80.
Security Fix(es):
* chromium-browser: Out of bounds write in V8 (CVE-2018-17480)
* chromium-browser: Use after frees in PDFium (CVE-2018-17481)
* chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335)
* chromium-browser: Use after free in PDFium (CVE-2018-18336)
* chromium-browser: Use after free in Blink (CVE-2018-18337)
* chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338)
* chromium-browser: Use after free in WebAudio (CVE-2018-18339)
* chromium-browser: Use after free in MediaRecorder (CVE-2018-18340)
* chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341)
* chromium-browser: Out of bounds write in V8 (CVE-2018-18342)
* chromium-browser: Use after free in Skia (CVE-2018-18343)
* chromium-browser: Inappropriate implementation in Extensions (CVE-2018-18344)
* chromium-browser: Inappropriate implementation in Site Isolation (CVE-2018-18345)
* chromium-browser: Incorrect security UI in Blink (CVE-2018-18346)
* chromium-browser: Inappropriate implementation in Navigation (CVE-2018-18347)
* chromium-browser: Inappropriate implementation in Omnibox (CVE-2018-18348)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18349)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18350)
* chromium-browser: Insufficient policy enforcement in Navigation (CVE-2018-18351)
* chromium-browser: Inappropriate implementation in Media (CVE-2018-18352)
* chromium-browser: Inappropriate implementation in Network Authentication (CVE-2018-18353)
* chromium-browser: Insufficient data validation in Shell Integration (CVE-2018-18354)
* chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18355)
* chromium-browser: Use after free in Skia (CVE-2018-18356)
* chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18357)
* chromium-browser: Insufficient policy enforcement in Proxy (CVE-2018-18358)
* chromium-browser: Out of bounds read in V8 (CVE-2018-18359)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1656547 - CVE-2018-17480 chromium-browser: Out of bounds write in V8 1656548 - CVE-2018-17481 chromium-browser: Use after frees in PDFium 1656549 - CVE-2018-18335 chromium-browser: Heap buffer overflow in Skia 1656550 - CVE-2018-18336 chromium-browser: Use after free in PDFium 1656551 - CVE-2018-18337 chromium-browser: Use after free in Blink 1656552 - CVE-2018-18338 chromium-browser: Heap buffer overflow in Canvas 1656553 - CVE-2018-18339 chromium-browser: Use after free in WebAudio 1656554 - CVE-2018-18340 chromium-browser: Use after free in MediaRecorder 1656555 - CVE-2018-18341 chromium-browser: Heap buffer overflow in Blink 1656556 - CVE-2018-18342 chromium-browser: Out of bounds write in V8 1656557 - CVE-2018-18343 chromium-browser: Use after free in Skia 1656558 - CVE-2018-18344 chromium-browser: Inappropriate implementation in Extensions 1656559 - CVE-2018-18345 chromium-browser: Inappropriate implementation in Site Isolation 1656560 - CVE-2018-18346 chromium-browser: Incorrect security UI in Blink 1656561 - CVE-2018-18347 chromium-browser: Inappropriate implementation in Navigation 1656562 - CVE-2018-18348 chromium-browser: Inappropriate implementation in Omnibox 1656563 - CVE-2018-18349 chromium-browser: Insufficient policy enforcement in Blink 1656564 - CVE-2018-18350 chromium-browser: Insufficient policy enforcement in Blink 1656565 - CVE-2018-18351 chromium-browser: Insufficient policy enforcement in Navigation 1656566 - CVE-2018-18352 chromium-browser: Inappropriate implementation in Media 1656567 - CVE-2018-18353 chromium-browser: Inappropriate implementation in Network Authentication 1656568 - CVE-2018-18354 chromium-browser: Insufficient data validation in Shell Integration 1656569 - CVE-2018-18355 chromium-browser: Insufficient policy enforcement in URL Formatter 1656570 - CVE-2018-18356 chromium-browser: Use after free in Skia 1656571 - CVE-2018-18357 chromium-browser: Insufficient policy enforcement in URL Formatter 1656572 - CVE-2018-18358 chromium-browser: Insufficient policy enforcement in Proxy 1656573 - CVE-2018-18359 chromium-browser: Out of bounds read in V8
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-71.0.3578.80-1.el6_10.i686.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm
x86_64: chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-71.0.3578.80-1.el6_10.i686.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm
x86_64: chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-71.0.3578.80-1.el6_10.i686.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.i686.rpm
x86_64: chromium-browser-71.0.3578.80-1.el6_10.x86_64.rpm chromium-browser-debuginfo-71.0.3578.80-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-17480 https://access.redhat.com/security/cve/CVE-2018-17481 https://access.redhat.com/security/cve/CVE-2018-18335 https://access.redhat.com/security/cve/CVE-2018-18336 https://access.redhat.com/security/cve/CVE-2018-18337 https://access.redhat.com/security/cve/CVE-2018-18338 https://access.redhat.com/security/cve/CVE-2018-18339 https://access.redhat.com/security/cve/CVE-2018-18340 https://access.redhat.com/security/cve/CVE-2018-18341 https://access.redhat.com/security/cve/CVE-2018-18342 https://access.redhat.com/security/cve/CVE-2018-18343 https://access.redhat.com/security/cve/CVE-2018-18344 https://access.redhat.com/security/cve/CVE-2018-18345 https://access.redhat.com/security/cve/CVE-2018-18346 https://access.redhat.com/security/cve/CVE-2018-18347 https://access.redhat.com/security/cve/CVE-2018-18348 https://access.redhat.com/security/cve/CVE-2018-18349 https://access.redhat.com/security/cve/CVE-2018-18350 https://access.redhat.com/security/cve/CVE-2018-18351 https://access.redhat.com/security/cve/CVE-2018-18352 https://access.redhat.com/security/cve/CVE-2018-18353 https://access.redhat.com/security/cve/CVE-2018-18354 https://access.redhat.com/security/cve/CVE-2018-18355 https://access.redhat.com/security/cve/CVE-2018-18356 https://access.redhat.com/security/cve/CVE-2018-18357 https://access.redhat.com/security/cve/CVE-2018-18358 https://access.redhat.com/security/cve/CVE-2018-18359 https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXA5BNNzjgjWX9erEAQh/Fw//TEntr04gMHeaG3/xXF+Vu2/oeS7VPgbQ wsha4l3J02PYKvX33BHjT4DQyl5w7oJw8/H/allS+W5WkA4sEsAKa6lfk0vUMA3H e8as9p2C08BTadek8CGX7aFX+jaieGdeHQ1pByxLCHCrwxbt5U8c0uxw8pRRTSMG 0zTzyf+dr8Nc2lOB0nyhuBZVUZVWQadx/N//iTST2lcLQMFY7T2EpEqQhpNnuUMf OI7zuFOzR2+w0JodqI1Opp9owt8v6/Kh9IVklT+07sgbedo0zf+1gfpcZB/2kNT3 wZskNmxJIObVpZRer5H12ShsV3JawCB76R+GI3XHf5xAOKt/MWXqAr4/1cOLIFAf bwirEIf+VnR8VSAfWaU9WeiL5anC6oFVdUKevWnaRlUuM4a4UZBSkE8HgIKSJIK0 fHbOCufLW4TPgzW0Qo/Vj5DUlZ3YPD5hDOEE16lN/FG4lC0TwtfZKNLcQ4t57B+H EVr4tZjGjBKuNxfybKdze3BGsnRKqid53UiV0Ai206JEwvgL2EHY854DEvzAupNg qKmwTsuKL+hoo2Z5STr0hsxDktgB5wJoWAYcQxFVdX+e8jFw3bvOZ22eL9BGTR/M e3M2coCgwYvWUHAJsnyv+LM1k8ilft9bmd0KKx0TQTt13uxojJiiAZ0/2Aa/Ynon ovG4ScvDFvE= =j8z4 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|