-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2020:0514-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0514
Issue date:        2020-02-17
CVE Names:         CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 
                   CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 
                   CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 
                   CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 
                   CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 
                   CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 
                   CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 
                   CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 
                   CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 
                   CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 
                   CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 
                   CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 
                   CVE-2020-6416 CVE-2020-6417 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 80.0.3987.87.

Security Fix(es):

* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

* chromium-browser: Insufficient policy enforcement in storage
(CVE-2020-6385)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)

* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)

* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)

* sqlite: invalid pointer dereference in exprListAppendList in window.c
(CVE-2019-19880)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
(CVE-2019-19923)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
during an update of a ZIP archive (CVE-2019-19925)

* sqlite: error mishandling because of incomplete fix of CVE-2019-19880
(CVE-2019-19926)

* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2020-6391)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-6392)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6393)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6394)

* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

* chromium-browser: Insufficient policy enforcement in AppCache
(CVE-2020-6399)

* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6401)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6402)

* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* chromium-browser: Use after free in audio (CVE-2020-6406)

* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

* chromium-browser: Insufficient policy enforcement in navigation
(CVE-2020-6410)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6411)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6412)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)

* chromium-browser: Insufficient policy enforcement in Safe Browsing
(CVE-2020-6414)

* chromium-browser: Inappropriate implementation in JavaScript
(CVE-2020-6415)

* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

* chromium-browser: Inappropriate implementation in installer
(CVE-2020-6417)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19880
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19926
https://access.redhat.com/security/cve/CVE-2020-6381
https://access.redhat.com/security/cve/CVE-2020-6382
https://access.redhat.com/security/cve/CVE-2020-6385
https://access.redhat.com/security/cve/CVE-2020-6387
https://access.redhat.com/security/cve/CVE-2020-6388
https://access.redhat.com/security/cve/CVE-2020-6389
https://access.redhat.com/security/cve/CVE-2020-6390
https://access.redhat.com/security/cve/CVE-2020-6391
https://access.redhat.com/security/cve/CVE-2020-6392
https://access.redhat.com/security/cve/CVE-2020-6393
https://access.redhat.com/security/cve/CVE-2020-6394
https://access.redhat.com/security/cve/CVE-2020-6395
https://access.redhat.com/security/cve/CVE-2020-6396
https://access.redhat.com/security/cve/CVE-2020-6397
https://access.redhat.com/security/cve/CVE-2020-6398
https://access.redhat.com/security/cve/CVE-2020-6399
https://access.redhat.com/security/cve/CVE-2020-6400
https://access.redhat.com/security/cve/CVE-2020-6401
https://access.redhat.com/security/cve/CVE-2020-6402
https://access.redhat.com/security/cve/CVE-2020-6403
https://access.redhat.com/security/cve/CVE-2020-6404
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-6406
https://access.redhat.com/security/cve/CVE-2020-6408
https://access.redhat.com/security/cve/CVE-2020-6409
https://access.redhat.com/security/cve/CVE-2020-6410
https://access.redhat.com/security/cve/CVE-2020-6411
https://access.redhat.com/security/cve/CVE-2020-6412
https://access.redhat.com/security/cve/CVE-2020-6413
https://access.redhat.com/security/cve/CVE-2020-6414
https://access.redhat.com/security/cve/CVE-2020-6415
https://access.redhat.com/security/cve/CVE-2020-6416
https://access.redhat.com/security/cve/CVE-2020-6417
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z
S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7
xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH
2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6
gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi
KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd
46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3
IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u
V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG
FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP
vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT
NsxBlW4nT+g=
=xupY
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce