exploit the possibilities

Red Hat Security Advisory 2020-4235-01

Red Hat Security Advisory 2020-4235-01
Posted Oct 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4235-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.75. Issues addressed include information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-15967, CVE-2020-15968, CVE-2020-15969, CVE-2020-15970, CVE-2020-15971, CVE-2020-15972, CVE-2020-15973, CVE-2020-15974, CVE-2020-15975, CVE-2020-15976, CVE-2020-15977, CVE-2020-15978, CVE-2020-15979, CVE-2020-15980, CVE-2020-15981, CVE-2020-15982, CVE-2020-15983, CVE-2020-15984, CVE-2020-15985, CVE-2020-15986, CVE-2020-15987, CVE-2020-15988, CVE-2020-15989, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992
MD5 | 8a743f36434f0dbad8309fd2bd93cc64

Red Hat Security Advisory 2020-4235-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2020:4235-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4235
Issue date: 2020-10-13
CVE Names: CVE-2020-6557 CVE-2020-15967 CVE-2020-15968
CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15973 CVE-2020-15974
CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980
CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986
CVE-2020-15987 CVE-2020-15988 CVE-2020-15989
CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 86.0.4240.75.

Security Fix(es):

* chromium-browser: Use after free in payments (CVE-2020-15967)

* chromium-browser: Use after free in Blink (CVE-2020-15968)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

* chromium-browser: Use after free in NFC (CVE-2020-15970)

* chromium-browser: Use after free in printing (CVE-2020-15971)

* chromium-browser: Use after free in audio (CVE-2020-15972)

* chromium-browser: Use after free in autofill (CVE-2020-15990)

* chromium-browser: Use after free in password manager (CVE-2020-15991)

* chromium-browser: Inappropriate implementation in networking
(CVE-2020-6557)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-15973)

* chromium-browser: Integer overflow in Blink (CVE-2020-15974)

* chromium-browser: Integer overflow in SwiftShader (CVE-2020-15975)

* chromium-browser: Use after free in WebXR (CVE-2020-15976)

* chromium-browser: Insufficient data validation in dialogs
(CVE-2020-15977)

* chromium-browser: Insufficient data validation in navigation
(CVE-2020-15978)

* chromium-browser: Inappropriate implementation in V8 (CVE-2020-15979)

* chromium-browser: Insufficient policy enforcement in Intents
(CVE-2020-15980)

* chromium-browser: Out of bounds read in audio (CVE-2020-15981)

* chromium-browser: Side-channel information leakage in cache
(CVE-2020-15982)

* chromium-browser: Insufficient data validation in webUI (CVE-2020-15983)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2020-15984)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-15985)

* chromium-browser: Integer overflow in media (CVE-2020-15986)

* chromium-browser: Use after free in WebRTC (CVE-2020-15987)

* chromium-browser: Insufficient policy enforcement in networking
(CVE-2020-15992)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-15988)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-15989)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-6557
https://access.redhat.com/security/cve/CVE-2020-15967
https://access.redhat.com/security/cve/CVE-2020-15968
https://access.redhat.com/security/cve/CVE-2020-15969
https://access.redhat.com/security/cve/CVE-2020-15970
https://access.redhat.com/security/cve/CVE-2020-15971
https://access.redhat.com/security/cve/CVE-2020-15972
https://access.redhat.com/security/cve/CVE-2020-15973
https://access.redhat.com/security/cve/CVE-2020-15974
https://access.redhat.com/security/cve/CVE-2020-15975
https://access.redhat.com/security/cve/CVE-2020-15976
https://access.redhat.com/security/cve/CVE-2020-15977
https://access.redhat.com/security/cve/CVE-2020-15978
https://access.redhat.com/security/cve/CVE-2020-15979
https://access.redhat.com/security/cve/CVE-2020-15980
https://access.redhat.com/security/cve/CVE-2020-15981
https://access.redhat.com/security/cve/CVE-2020-15982
https://access.redhat.com/security/cve/CVE-2020-15983
https://access.redhat.com/security/cve/CVE-2020-15984
https://access.redhat.com/security/cve/CVE-2020-15985
https://access.redhat.com/security/cve/CVE-2020-15986
https://access.redhat.com/security/cve/CVE-2020-15987
https://access.redhat.com/security/cve/CVE-2020-15988
https://access.redhat.com/security/cve/CVE-2020-15989
https://access.redhat.com/security/cve/CVE-2020-15990
https://access.redhat.com/security/cve/CVE-2020-15991
https://access.redhat.com/security/cve/CVE-2020-15992
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX4VjutzjgjWX9erEAQiBog/8D4EAnQmD6yqmkt9gVgCzoz1v/uOgnTHv
lghXbEidNiTmb8DlvwZKbqA/2wz/kz+vW5v0bXZNjngYnbZsev252qT9L2LQ99UA
+uirPF/zddn+T0tZ5PQHWBYpWgjF8XRQu7lJo7QHbB7GEMXJJ4SBN3erYqOjKKUo
3DakSX4DH1VIrSY+6kJ6fx26IwD7tWSBlsRklatxX1NkhrBg0Ha7lWjHhRV6WLjz
CZFxwFNJJ6bGsf8eIaaps8Ab21m87BbwOyGt2aaFT9sC5noR4mTTjBGB4lmbslB3
Vcl7PSxqs/AzDK6fAqLOJ7nqZJpiQq9ii5Z3oBbiG3J8BO6sgY7cG+D2bVWD+3eV
9L13REiW/iPXqGbpgPre8WhAwg3wdNYDiaYO6pIC7N1a/btxIdq5Gjb31dWiFdyq
XOtdEO9CieZGYNEoKf+wfe03SXCEvJz0EZZVwcFhqd8cF8xhUa2MNjpKDHryUjXg
8rJGA+5uS/UJHwToK++Q4+0Ze/jIxSuKRA7h9UhdACksgeMmFUdyfuLVfx1RdgEX
TRtO8kHaGBHz60SY4Kd6xkZks1+FqotFF2zvs4gq8XvPFbHvPgt36qbtxOHYj1BF
pl+WqaRsDOp6VmbMLAEJwZnRsR0dNN62MCgxB5sNRb5l7sSYOqYClV2zR47cEgFJ
ObQiF6iTAHk=AItV
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close