- Issued:
- 2016-03-30
- Updated:
- 2016-03-30
RHSA-2016:0525 - Security Advisory
Synopsis
Important: chromium-browser security update
Type/Severity
Security Advisory: Important
Topic
An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 49.0.2623.108.
Security Fix(es):
Several flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Chromium to crash, execute arbitrary
code, or disclose sensitive information when visited by the victim.
(CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650)
Solution
For details on how to apply this update, which includes the changes described in
this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Update Support 6.7 x86_64
- Red Hat Enterprise Linux Server - Extended Update Support 6.7 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 x86_64
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7 i386
Fixes
- BZ - 1321811 - CVE-2016-1646 chromium-browser: out-of-bounds read in V8
- BZ - 1321812 - CVE-2016-1647 chromium-browser: use-after-free in Navigation
- BZ - 1321814 - CVE-2016-1648 chromium-browser: use-after-free in Extensions
- BZ - 1321815 - CVE-2016-1649 chromium-browser: buffer overflow in libANGLE
- BZ - 1321816 - CVE-2016-1650 chromium-browser: various fixes from internal audits
CVEs
References
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: 36859ba9b70a92bf9a7c3f6275412ebc7cb38ebee6dccc4aebc9f736deff36db |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm | SHA-256: 9691ca86cd03ce089be23eed638d8ee03a96c446da2bcac3a993e758ae014d91 |
Red Hat Enterprise Linux Server - Extended Update Support 6.7
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: 36859ba9b70a92bf9a7c3f6275412ebc7cb38ebee6dccc4aebc9f736deff36db |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm | SHA-256: 9691ca86cd03ce089be23eed638d8ee03a96c446da2bcac3a993e758ae014d91 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: 36859ba9b70a92bf9a7c3f6275412ebc7cb38ebee6dccc4aebc9f736deff36db |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm | SHA-256: 9691ca86cd03ce089be23eed638d8ee03a96c446da2bcac3a993e758ae014d91 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: 36859ba9b70a92bf9a7c3f6275412ebc7cb38ebee6dccc4aebc9f736deff36db |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm | SHA-256: 9691ca86cd03ce089be23eed638d8ee03a96c446da2bcac3a993e758ae014d91 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.7
| SRPM | |
|---|---|
| x86_64 | |
| chromium-browser-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: e89ad70afcf6b38061b97a6f2f81057b51486d57fe6ec4353b02712d6ed0ef44 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.x86_64.rpm | SHA-256: 36859ba9b70a92bf9a7c3f6275412ebc7cb38ebee6dccc4aebc9f736deff36db |
| i386 | |
| chromium-browser-49.0.2623.108-1.el6.i686.rpm | SHA-256: c504c4d22ae965ff325bdc77ec1f8c68d6b5ad82650eed58fced67d6f2e46006 |
| chromium-browser-debuginfo-49.0.2623.108-1.el6.i686.rpm | SHA-256: 9691ca86cd03ce089be23eed638d8ee03a96c446da2bcac3a993e758ae014d91 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.