Red Hat Product Errata RHSA-2017:1833 - Security Advisory

Issued:: 2017-07-31
Updated:: 2017-07-31

RHSA-2017:1833 - Security Advisory

Overview
Updated Packages

Synopsis

Important: chromium-browser security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 60.0.3112.78.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5106, CVE-2017-7000, CVE-2017-5105, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386

Fixes

BZ - 1475193 - CVE-2017-5091 chromium-browser: use after free in indexeddb
BZ - 1475194 - CVE-2017-5092 chromium-browser: use after free in ppapi
BZ - 1475195 - CVE-2017-5093 chromium-browser: ui spoofing in blink
BZ - 1475196 - CVE-2017-5094 chromium-browser: type confusion in extensions
BZ - 1475197 - CVE-2017-5095 chromium-browser: out-of-bounds write in pdfium
BZ - 1475198 - CVE-2017-5096 chromium-browser: user information leak via android intents
BZ - 1475199 - CVE-2017-5097 chromium-browser: out-of-bounds read in skia
BZ - 1475200 - CVE-2017-5098 chromium-browser: use after free in v8
BZ - 1475201 - CVE-2017-5099 chromium-browser: out-of-bounds write in ppapi
BZ - 1475202 - CVE-2017-5100 chromium-browser: use after free in chrome apps
BZ - 1475203 - CVE-2017-5101 chromium-browser: url spoofing in omnibox
BZ - 1475204 - CVE-2017-5102 chromium-browser: uninitialized use in skia
BZ - 1475205 - CVE-2017-5103 chromium-browser: uninitialized use in skia
BZ - 1475206 - CVE-2017-5104 chromium-browser: ui spoofing in browser
BZ - 1475207 - CVE-2017-7000 chromium-browser: pointer disclosure in sqlite
BZ - 1475208 - CVE-2017-5105 chromium-browser: url spoofing in omnibox
BZ - 1475209 - CVE-2017-5106 chromium-browser: url spoofing in omnibox
BZ - 1475210 - CVE-2017-5107 chromium-browser: user information leak via svg
BZ - 1475211 - CVE-2017-5108 chromium-browser: type confusion in pdfium
BZ - 1475212 - CVE-2017-5109 chromium-browser: ui spoofing in browser
BZ - 1475213 - CVE-2017-5110 chromium-browser: ui spoofing in payments dialog

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
x86_64
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: f7f9e553e56be7b69c1d3b6f6d1c3116cf41547e42ab2ff643596735ac615d45
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: 69bab267f77dba23e3a8416c26d34a9285c3b04489c8c7491e58a76eead1c54f
i386
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: e985e5940686b9fe818ad9be956dcf997170863d4b2522f5ae5819c815a298c7
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: 74f04871ace1368899663d97734deb44f44c7fb9ea3a05dd197ff5078c03d8bd

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: f7f9e553e56be7b69c1d3b6f6d1c3116cf41547e42ab2ff643596735ac615d45
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: 69bab267f77dba23e3a8416c26d34a9285c3b04489c8c7491e58a76eead1c54f
i386
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: e985e5940686b9fe818ad9be956dcf997170863d4b2522f5ae5819c815a298c7
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: 74f04871ace1368899663d97734deb44f44c7fb9ea3a05dd197ff5078c03d8bd

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
chromium-browser-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: f7f9e553e56be7b69c1d3b6f6d1c3116cf41547e42ab2ff643596735ac615d45
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.x86_64.rpm	SHA-256: 69bab267f77dba23e3a8416c26d34a9285c3b04489c8c7491e58a76eead1c54f
i386
chromium-browser-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: e985e5940686b9fe818ad9be956dcf997170863d4b2522f5ae5819c815a298c7
chromium-browser-debuginfo-60.0.3112.78-1.el6_9.i686.rpm	SHA-256: 74f04871ace1368899663d97734deb44f44c7fb9ea3a05dd197ff5078c03d8bd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories