exploit the possibilities

Red Hat Security Advisory 2020-0514-01

Red Hat Security Advisory 2020-0514-01
Posted Feb 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0514-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include information leakage, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2019-18197, CVE-2019-19880, CVE-2019-19923, CVE-2019-19925, CVE-2019-19926, CVE-2020-6381, CVE-2020-6382, CVE-2020-6385, CVE-2020-6387, CVE-2020-6388, CVE-2020-6389, CVE-2020-6390, CVE-2020-6391, CVE-2020-6392, CVE-2020-6393, CVE-2020-6394, CVE-2020-6395, CVE-2020-6396, CVE-2020-6397, CVE-2020-6398, CVE-2020-6399, CVE-2020-6400, CVE-2020-6401, CVE-2020-6402, CVE-2020-6403, CVE-2020-6404, CVE-2020-6405, CVE-2020-6406
MD5 | 674d9ff97b1fed31431ddce21fa5117e

Red Hat Security Advisory 2020-0514-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2020:0514-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0514
Issue date: 2020-02-17
CVE Names: CVE-2019-18197 CVE-2019-19880 CVE-2019-19923
CVE-2019-19925 CVE-2019-19926 CVE-2020-6381
CVE-2020-6382 CVE-2020-6385 CVE-2020-6387
CVE-2020-6388 CVE-2020-6389 CVE-2020-6390
CVE-2020-6391 CVE-2020-6392 CVE-2020-6393
CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
CVE-2020-6397 CVE-2020-6398 CVE-2020-6399
CVE-2020-6400 CVE-2020-6401 CVE-2020-6402
CVE-2020-6403 CVE-2020-6404 CVE-2020-6405
CVE-2020-6406 CVE-2020-6408 CVE-2020-6409
CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
CVE-2020-6416 CVE-2020-6417
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 80.0.3987.87.

Security Fix(es):

* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

* chromium-browser: Insufficient policy enforcement in storage
(CVE-2020-6385)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)

* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)

* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)

* sqlite: invalid pointer dereference in exprListAppendList in window.c
(CVE-2019-19880)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
(CVE-2019-19923)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
during an update of a ZIP archive (CVE-2019-19925)

* sqlite: error mishandling because of incomplete fix of CVE-2019-19880
(CVE-2019-19926)

* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2020-6391)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-6392)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6393)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6394)

* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

* chromium-browser: Insufficient policy enforcement in AppCache
(CVE-2020-6399)

* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6401)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6402)

* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* chromium-browser: Use after free in audio (CVE-2020-6406)

* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

* chromium-browser: Insufficient policy enforcement in navigation
(CVE-2020-6410)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6411)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6412)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)

* chromium-browser: Insufficient policy enforcement in Safe Browsing
(CVE-2020-6414)

* chromium-browser: Inappropriate implementation in JavaScript
(CVE-2020-6415)

* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

* chromium-browser: Inappropriate implementation in installer
(CVE-2020-6417)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19880
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19926
https://access.redhat.com/security/cve/CVE-2020-6381
https://access.redhat.com/security/cve/CVE-2020-6382
https://access.redhat.com/security/cve/CVE-2020-6385
https://access.redhat.com/security/cve/CVE-2020-6387
https://access.redhat.com/security/cve/CVE-2020-6388
https://access.redhat.com/security/cve/CVE-2020-6389
https://access.redhat.com/security/cve/CVE-2020-6390
https://access.redhat.com/security/cve/CVE-2020-6391
https://access.redhat.com/security/cve/CVE-2020-6392
https://access.redhat.com/security/cve/CVE-2020-6393
https://access.redhat.com/security/cve/CVE-2020-6394
https://access.redhat.com/security/cve/CVE-2020-6395
https://access.redhat.com/security/cve/CVE-2020-6396
https://access.redhat.com/security/cve/CVE-2020-6397
https://access.redhat.com/security/cve/CVE-2020-6398
https://access.redhat.com/security/cve/CVE-2020-6399
https://access.redhat.com/security/cve/CVE-2020-6400
https://access.redhat.com/security/cve/CVE-2020-6401
https://access.redhat.com/security/cve/CVE-2020-6402
https://access.redhat.com/security/cve/CVE-2020-6403
https://access.redhat.com/security/cve/CVE-2020-6404
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-6406
https://access.redhat.com/security/cve/CVE-2020-6408
https://access.redhat.com/security/cve/CVE-2020-6409
https://access.redhat.com/security/cve/CVE-2020-6410
https://access.redhat.com/security/cve/CVE-2020-6411
https://access.redhat.com/security/cve/CVE-2020-6412
https://access.redhat.com/security/cve/CVE-2020-6413
https://access.redhat.com/security/cve/CVE-2020-6414
https://access.redhat.com/security/cve/CVE-2020-6415
https://access.redhat.com/security/cve/CVE-2020-6416
https://access.redhat.com/security/cve/CVE-2020-6417
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z
S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7
xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH
2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6
gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi
KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd
46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3
IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u
V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG
FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP
vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT
NsxBlW4nT+g=
=xupY
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close