Posted September 12, 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:1854-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1854.html
Issue date:        2016-09-12
CVE Names:         CVE-2016-5147 CVE-2016-5148 CVE-2016-5149
                   CVE-2016-5150 CVE-2016-5151 CVE-2016-5152
                   CVE-2016-5153 CVE-2016-5154 CVE-2016-5155
                   CVE-2016-5156 CVE-2016-5157 CVE-2016-5158
                   CVE-2016-5159 CVE-2016-5160 CVE-2016-5161
                   CVE-2016-5162 CVE-2016-5163 CVE-2016-5164
                   CVE-2016-5165 CVE-2016-5166 CVE-2016-5167
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 53.0.2785.89.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited
by the victim. (CVE-2016-5147, CVE-2016-5148, CVE-2016-5149,
CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153,
CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157,
CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161,
CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165,
CVE-2016-5166, CVE-2016-5160)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes
to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1372207 - CVE-2016-5147 chromium-browser: universal xss in blink
1372208 - CVE-2016-5148 chromium-browser: universal xss in blink
1372209 - CVE-2016-5149 chromium-browser: script injection in extensions
1372210 - CVE-2016-5150 chromium-browser: use after free in blink
1372212 - CVE-2016-5151 chromium-browser: use after free in pdfium
1372213 - CVE-2016-5152 chromium-browser: heap overflow in pdfium
1372214 - CVE-2016-5153 chromium-browser: use after destruction in blink
1372215 - CVE-2016-5154 chromium-browser: heap overflow in pdfium
1372216 - CVE-2016-5155 chromium-browser: address bar spoofing
1372217 - CVE-2016-5156 chromium-browser: use after free in event bindings
1372218 - CVE-2016-5157 chromium-browser: heap overflow in pdfium
1372219 - CVE-2016-5158 chromium-browser: heap overflow in pdfium
1372220 - CVE-2016-5159 chromium-browser: heap overflow in pdfium
1372221 - CVE-2016-5161 chromium-browser: type confusion in blink
1372222 - CVE-2016-5162 chromium-browser: extensions web accessible resources bypass
1372223 - CVE-2016-5163 chromium-browser: address bar spoofing
1372224 - CVE-2016-5164 chromium-browser: universal xss using devtools
1372225 - CVE-2016-5165 chromium-browser: script injection in devtools
1372227 - CVE-2016-5166 chromium-browser: smb relay attack via save page as
1372228 - CVE-2016-5160 chromium-browser: extensions web accessible resources bypass
1372229 - CVE-2016-5167 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-53.0.2785.89-3.el6.i686.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.i686.rpm

x86_64:
chromium-browser-53.0.2785.89-3.el6.x86_64.rpm
chromium-browser-debuginfo-53.0.2785.89-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-5147
https://access.redhat.com/security/cve/CVE-2016-5148
https://access.redhat.com/security/cve/CVE-2016-5149
https://access.redhat.com/security/cve/CVE-2016-5150
https://access.redhat.com/security/cve/CVE-2016-5151
https://access.redhat.com/security/cve/CVE-2016-5152
https://access.redhat.com/security/cve/CVE-2016-5153
https://access.redhat.com/security/cve/CVE-2016-5154
https://access.redhat.com/security/cve/CVE-2016-5155
https://access.redhat.com/security/cve/CVE-2016-5156
https://access.redhat.com/security/cve/CVE-2016-5157
https://access.redhat.com/security/cve/CVE-2016-5158
https://access.redhat.com/security/cve/CVE-2016-5159
https://access.redhat.com/security/cve/CVE-2016-5160
https://access.redhat.com/security/cve/CVE-2016-5161
https://access.redhat.com/security/cve/CVE-2016-5162
https://access.redhat.com/security/cve/CVE-2016-5163
https://access.redhat.com/security/cve/CVE-2016-5164
https://access.redhat.com/security/cve/CVE-2016-5165
https://access.redhat.com/security/cve/CVE-2016-5166
https://access.redhat.com/security/cve/CVE-2016-5167
https://access.redhat.com/security/updates/classification/#important
https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFX1wkdXlSAg2UNWIIRAo19AKCYY24BGTS3pCe88UaKl6eCZ4ykmACgv0iJ
SAjzzrBiLDEH4/kIVLeFMUU=
=33re
-----END PGP SIGNATURE-----
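The practical question a defender has after reading sections 4 and 6 is which hosts still run a chromium-browser build older than 53.0.2785.89-3.el6. The script below is an added example, not part of the advisory or of Red Hat's tooling: it parses `name-version-release.arch` strings of the form `rpm -q chromium-browser` prints, compares version and release against the fixed build using a simplified rpmvercmp (segment-wise, numeric segments as integers; tilde and caret handling omitted, which is an assumption that holds for the versions on this page), and classifies each host. The inventory, the host names and every build other than 53.0.2785.89-3.el6 are constructed sample data.

```python
"""Audit installed chromium-browser builds against RHSA-2016:1854.

Added example, not part of the advisory. INVENTORY below is constructed;
on a real RHEL 6 host the line would come from
    rpm -q chromium-browser --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
"""
import re

# Fixed build from section 6 of the advisory (same version-release for all
# three Supplementary channels and both architectures).
FIXED_NAME = "chromium-browser"
FIXED_VERSION = "53.0.2785.89"
FIXED_RELEASE = "3.el6"


def _segments(s):
    """Split a version or release string into digit runs and letter runs,
    discarding separators such as '.' and '_' (as rpmvercmp does)."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp: return -1, 0 or 1 as a <, == or > b.

    Numeric segments compare as integers (10 > 9, 01 == 1), alphabetic
    segments compare lexically, a numeric segment ranks above an alphabetic
    one, and when one side runs out of segments the longer side is newer.
    Tilde/caret pre-release handling is omitted (assumption: not needed
    for the builds in this advisory)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def parse_nvra(line):
    """Parse 'name-version-release.arch' into (name, version, release, arch).
    Returns None for rpm's 'package X is not installed' message."""
    line = line.strip()
    if line.startswith("package ") and line.endswith("is not installed"):
        return None
    nvr, arch = line.rsplit(".", 1)          # arch is after the last dot
    name, version, release = nvr.rsplit("-", 2)  # name may contain dashes
    return name, version, release, arch


def needs_update(line):
    """Classify one rpm -q output line as 'not-installed', 'ok' (fixed build
    or newer) or 'update' (older than the fixed build)."""
    parts = parse_nvra(line)
    if parts is None:
        return "not-installed"
    name, version, release, _arch = parts
    if name != FIXED_NAME:
        raise ValueError("unexpected package %r" % name)
    cmp = rpm_vercmp(version, FIXED_VERSION)
    if cmp == 0:
        cmp = rpm_vercmp(release, FIXED_RELEASE)
    return "ok" if cmp >= 0 else "update"


# Constructed sample inventory: host -> rpm -q output. Only ws02 carries a
# build named in the advisory; the other builds are made up for the demo.
INVENTORY = {
    "ws01": "chromium-browser-52.0.2743.116-1.el6.x86_64",   # older version
    "ws02": "chromium-browser-53.0.2785.89-3.el6.x86_64",    # fixed build
    "ws03": "chromium-browser-53.0.2785.89-2.el6.i686",      # older release
    "srv01": "package chromium-browser is not installed",
}


def audit(inventory):
    """Return {host: status} for every host in the inventory."""
    return {host: needs_update(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print("%-6s %s" % (host, status))
```

A host reported as `ok` has the fixed build installed but, as section 4 notes, the fix is only effective once the running browser has been restarted, which this check does not see. The advisory's GPG-signing note applies before installation: `rpm -K` (`--checksig`) on the downloaded package files, with Red Hat's key imported as described at the URL in section 6, is the step this script assumes has already been done.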