Red Hat 9062 Published by

A chromium-browser security update has been released for Red Hat Enterprise Linux 6.



RHSA-2020:4235-01: Critical: chromium-browser security update



=====================================================================
Red Hat Security Advisory

Synopsis: Critical: chromium-browser security update
Advisory ID: RHSA-2020:4235-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:4235
Issue date: 2020-10-13
CVE Names: CVE-2020-6557 CVE-2020-15967 CVE-2020-15968
CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15973 CVE-2020-15974
CVE-2020-15975 CVE-2020-15976 CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980
CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986
CVE-2020-15987 CVE-2020-15988 CVE-2020-15989
CVE-2020-15990 CVE-2020-15991 CVE-2020-15992
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 86.0.4240.75.

Security Fix(es):

* chromium-browser: Use after free in payments (CVE-2020-15967)

* chromium-browser: Use after free in Blink (CVE-2020-15968)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

* chromium-browser: Use after free in NFC (CVE-2020-15970)

* chromium-browser: Use after free in printing (CVE-2020-15971)

* chromium-browser: Use after free in audio (CVE-2020-15972)

* chromium-browser: Use after free in autofill (CVE-2020-15990)

* chromium-browser: Use after free in password manager (CVE-2020-15991)

* chromium-browser: Inappropriate implementation in networking
(CVE-2020-6557)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-15973)

* chromium-browser: Integer overflow in Blink (CVE-2020-15974)

* chromium-browser: Integer overflow in SwiftShader (CVE-2020-15975)

* chromium-browser: Use after free in WebXR (CVE-2020-15976)

* chromium-browser: Insufficient data validation in dialogs
(CVE-2020-15977)

* chromium-browser: Insufficient data validation in navigation
(CVE-2020-15978)

* chromium-browser: Inappropriate implementation in V8 (CVE-2020-15979)

* chromium-browser: Insufficient policy enforcement in Intents
(CVE-2020-15980)

* chromium-browser: Out of bounds read in audio (CVE-2020-15981)

* chromium-browser: Side-channel information leakage in cache
(CVE-2020-15982)

* chromium-browser: Insufficient data validation in webUI (CVE-2020-15983)

* chromium-browser: Insufficient policy enforcement in Omnibox
(CVE-2020-15984)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-15985)

* chromium-browser: Integer overflow in media (CVE-2020-15986)

* chromium-browser: Use after free in WebRTC (CVE-2020-15987)

* chromium-browser: Insufficient policy enforcement in networking
(CVE-2020-15992)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-15988)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-15989)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (  https://bugzilla.redhat.com/):

1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

i686:
chromium-browser-86.0.4240.75-1.el6_10.i686.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.i686.rpm

x86_64:
chromium-browser-86.0.4240.75-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-86.0.4240.75-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2020-6557
  https://access.redhat.com/security/cve/CVE-2020-15967
  https://access.redhat.com/security/cve/CVE-2020-15968
  https://access.redhat.com/security/cve/CVE-2020-15969
  https://access.redhat.com/security/cve/CVE-2020-15970
  https://access.redhat.com/security/cve/CVE-2020-15971
  https://access.redhat.com/security/cve/CVE-2020-15972
  https://access.redhat.com/security/cve/CVE-2020-15973
  https://access.redhat.com/security/cve/CVE-2020-15974
  https://access.redhat.com/security/cve/CVE-2020-15975
  https://access.redhat.com/security/cve/CVE-2020-15976
  https://access.redhat.com/security/cve/CVE-2020-15977
  https://access.redhat.com/security/cve/CVE-2020-15978
  https://access.redhat.com/security/cve/CVE-2020-15979
  https://access.redhat.com/security/cve/CVE-2020-15980
  https://access.redhat.com/security/cve/CVE-2020-15981
  https://access.redhat.com/security/cve/CVE-2020-15982
  https://access.redhat.com/security/cve/CVE-2020-15983
  https://access.redhat.com/security/cve/CVE-2020-15984
  https://access.redhat.com/security/cve/CVE-2020-15985
  https://access.redhat.com/security/cve/CVE-2020-15986
  https://access.redhat.com/security/cve/CVE-2020-15987
  https://access.redhat.com/security/cve/CVE-2020-15988
  https://access.redhat.com/security/cve/CVE-2020-15989
  https://access.redhat.com/security/cve/CVE-2020-15990
  https://access.redhat.com/security/cve/CVE-2020-15991
  https://access.redhat.com/security/cve/CVE-2020-15992
  https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.