Red Hat Security Advisory 2020-0514-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Issues addressed include information leakage, null pointer, and out of bounds write vulnerabilities.
7fa9945e3253c721c26bb40c702658912d9d07571513d16e7a0d9c05adfe1e16
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: chromium-browser security update
Advisory ID: RHSA-2020:0514-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0514
Issue date: 2020-02-17
CVE Names: CVE-2019-18197 CVE-2019-19880 CVE-2019-19923
CVE-2019-19925 CVE-2019-19926 CVE-2020-6381
CVE-2020-6382 CVE-2020-6385 CVE-2020-6387
CVE-2020-6388 CVE-2020-6389 CVE-2020-6390
CVE-2020-6391 CVE-2020-6392 CVE-2020-6393
CVE-2020-6394 CVE-2020-6395 CVE-2020-6396
CVE-2020-6397 CVE-2020-6398 CVE-2020-6399
CVE-2020-6400 CVE-2020-6401 CVE-2020-6402
CVE-2020-6403 CVE-2020-6404 CVE-2020-6405
CVE-2020-6406 CVE-2020-6408 CVE-2020-6409
CVE-2020-6410 CVE-2020-6411 CVE-2020-6412
CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
CVE-2020-6416 CVE-2020-6417
=====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 80.0.3987.87.
Security Fix(es):
* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
* chromium-browser: Insufficient policy enforcement in storage
(CVE-2020-6385)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)
* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)
* sqlite: invalid pointer dereference in exprListAppendList in window.c
(CVE-2019-19880)
* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
(CVE-2019-19923)
* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
during an update of a ZIP archive (CVE-2019-19925)
* sqlite: error mishandling because of incomplete fix of CVE-2019-19880
(CVE-2019-19926)
* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2020-6391)
* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-6392)
* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6393)
* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6394)
* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)
* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
* chromium-browser: Insufficient policy enforcement in AppCache
(CVE-2020-6399)
* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)
* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6401)
* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6402)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)
* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
* chromium-browser: Use after free in audio (CVE-2020-6406)
* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)
* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)
* chromium-browser: Insufficient policy enforcement in navigation
(CVE-2020-6410)
* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6411)
* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6412)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)
* chromium-browser: Insufficient policy enforcement in Safe Browsing
(CVE-2020-6414)
* chromium-browser: Inappropriate implementation in JavaScript
(CVE-2020-6415)
* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)
* chromium-browser: Inappropriate implementation in installer
(CVE-2020-6417)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19880
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19926
https://access.redhat.com/security/cve/CVE-2020-6381
https://access.redhat.com/security/cve/CVE-2020-6382
https://access.redhat.com/security/cve/CVE-2020-6385
https://access.redhat.com/security/cve/CVE-2020-6387
https://access.redhat.com/security/cve/CVE-2020-6388
https://access.redhat.com/security/cve/CVE-2020-6389
https://access.redhat.com/security/cve/CVE-2020-6390
https://access.redhat.com/security/cve/CVE-2020-6391
https://access.redhat.com/security/cve/CVE-2020-6392
https://access.redhat.com/security/cve/CVE-2020-6393
https://access.redhat.com/security/cve/CVE-2020-6394
https://access.redhat.com/security/cve/CVE-2020-6395
https://access.redhat.com/security/cve/CVE-2020-6396
https://access.redhat.com/security/cve/CVE-2020-6397
https://access.redhat.com/security/cve/CVE-2020-6398
https://access.redhat.com/security/cve/CVE-2020-6399
https://access.redhat.com/security/cve/CVE-2020-6400
https://access.redhat.com/security/cve/CVE-2020-6401
https://access.redhat.com/security/cve/CVE-2020-6402
https://access.redhat.com/security/cve/CVE-2020-6403
https://access.redhat.com/security/cve/CVE-2020-6404
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-6406
https://access.redhat.com/security/cve/CVE-2020-6408
https://access.redhat.com/security/cve/CVE-2020-6409
https://access.redhat.com/security/cve/CVE-2020-6410
https://access.redhat.com/security/cve/CVE-2020-6411
https://access.redhat.com/security/cve/CVE-2020-6412
https://access.redhat.com/security/cve/CVE-2020-6413
https://access.redhat.com/security/cve/CVE-2020-6414
https://access.redhat.com/security/cve/CVE-2020-6415
https://access.redhat.com/security/cve/CVE-2020-6416
https://access.redhat.com/security/cve/CVE-2020-6417
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z
S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7
xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH
2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6
gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi
KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd
46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3
IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u
V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG
FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP
vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT
NsxBlW4nT+g=
=xupY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce