-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2018:0265-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0265
Issue date:        2018-02-01
CVE Names:         CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 
                   CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 
                   CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 
                   CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 
                   CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 
                   CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 
                   CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 
                   CVE-2018-6053 CVE-2018-6054 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 64.0.3282.119.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034,
CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039,
CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045,
CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050,
CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)

* To mitigate timing-based side-channel attacks similar to "Spectre" and
"Meltdown", this update reduces the precision of the timing data provided
by the Date object and the performance.now() API, and the V8 JavaScript
engine now uses masking of certain addresses and array or string indices.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1538503 - CVE-2018-6031 chromium-browser: use after free in pdfium
1538504 - CVE-2018-6032 chromium-browser: same origin bypass in shared worker
1538505 - CVE-2018-6033 chromium-browser: race when opening downloaded files
1538506 - CVE-2018-6034 chromium-browser: integer overflow in blink
1538507 - CVE-2018-6035 chromium-browser: insufficient isolation of devtools from extensions
1538508 - CVE-2018-6036 chromium-browser: integer underflow in webassembly
1538509 - CVE-2018-6037 chromium-browser: insufficient user gesture requirements in autofill
1538510 - CVE-2018-6038 chromium-browser: heap buffer overflow in webgl
1538511 - CVE-2018-6039 chromium-browser: xss in devtools
1538512 - CVE-2018-6040 chromium-browser: content security policy bypass
1538513 - CVE-2018-6041 chromium-browser: url spoof in navigation
1538514 - CVE-2018-6042 chromium-browser: url spoof in omnibox
1538515 - CVE-2018-6043 chromium-browser: insufficient escaping with external url handlers
1538516 - CVE-2018-6045 chromium-browser: insufficient isolation of devtools from extensions
1538517 - CVE-2018-6046 chromium-browser: insufficient isolation of devtools from extensions
1538518 - CVE-2018-6047 chromium-browser: cross origin url leak in webgl
1538519 - CVE-2018-6048 chromium-browser: referrer policy bypass in blink
1538520 - CVE-2018-6049 chromium-browser: ui spoof in permissions
1538522 - CVE-2018-6050 chromium-browser: url spoof in omnibox
1538523 - CVE-2018-6051 chromium-browser: referrer leak in xss auditor
1538524 - CVE-2018-6052 chromium-browser: incomplete no-referrer policy implementation
1538525 - CVE-2018-6053 chromium-browser: leak of page thumbnails in new tab page
1538526 - CVE-2018-6054 chromium-browser: use after free in webui

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-64.0.3282.119-1.el6_9.i686.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.i686.rpm

x86_64:
chromium-browser-64.0.3282.119-1.el6_9.x86_64.rpm
chromium-browser-debuginfo-64.0.3282.119-1.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-6031
https://access.redhat.com/security/cve/CVE-2018-6032
https://access.redhat.com/security/cve/CVE-2018-6033
https://access.redhat.com/security/cve/CVE-2018-6034
https://access.redhat.com/security/cve/CVE-2018-6035
https://access.redhat.com/security/cve/CVE-2018-6036
https://access.redhat.com/security/cve/CVE-2018-6037
https://access.redhat.com/security/cve/CVE-2018-6038
https://access.redhat.com/security/cve/CVE-2018-6039
https://access.redhat.com/security/cve/CVE-2018-6040
https://access.redhat.com/security/cve/CVE-2018-6041
https://access.redhat.com/security/cve/CVE-2018-6042
https://access.redhat.com/security/cve/CVE-2018-6043
https://access.redhat.com/security/cve/CVE-2018-6045
https://access.redhat.com/security/cve/CVE-2018-6046
https://access.redhat.com/security/cve/CVE-2018-6047
https://access.redhat.com/security/cve/CVE-2018-6048
https://access.redhat.com/security/cve/CVE-2018-6049
https://access.redhat.com/security/cve/CVE-2018-6050
https://access.redhat.com/security/cve/CVE-2018-6051
https://access.redhat.com/security/cve/CVE-2018-6052
https://access.redhat.com/security/cve/CVE-2018-6053
https://access.redhat.com/security/cve/CVE-2018-6054
https://access.redhat.com/security/updates/classification/#important
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaczsxXlSAg2UNWIIRAuD6AJ99QJ/QkFx7+bROnlKH2UPWW0sDGwCgp0SV
RQ7GtwFkBMm5JyQ4+SqXeGk=
=VDp1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce