-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2020:0514-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0514
Issue date:        2020-02-17
CVE Names:         CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 
                   CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 
                   CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 
                   CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 
                   CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 
                   CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 
                   CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 
                   CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 
                   CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 
                   CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 
                   CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 
                   CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 
                   CVE-2020-6416 CVE-2020-6417 
====================================================================
1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 80.0.3987.87.

Security Fix(es):

* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)

* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)

* chromium-browser: Insufficient policy enforcement in storage
(CVE-2020-6385)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)

* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)

* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)

* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)

* libxslt: use after free in xsltCopyText in transform.c could lead to
information disclosure (CVE-2019-18197)

* sqlite: invalid pointer dereference in exprListAppendList in window.c
(CVE-2019-19880)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT
JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
(CVE-2019-19923)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname
during an update of a ZIP archive (CVE-2019-19925)

* sqlite: error mishandling because of incomplete fix of CVE-2019-19880
(CVE-2019-19926)

* chromium-browser: Insufficient validation of untrusted input in Blink
(CVE-2020-6391)

* chromium-browser: Insufficient policy enforcement in extensions
(CVE-2020-6392)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6393)

* chromium-browser: Insufficient policy enforcement in Blink
(CVE-2020-6394)

* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)

* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)

* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)

* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)

* chromium-browser: Insufficient policy enforcement in AppCache
(CVE-2020-6399)

* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6401)

* chromium-browser: Insufficient policy enforcement in downloads
(CVE-2020-6402)

* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* chromium-browser: Use after free in audio (CVE-2020-6406)

* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)

* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)

* chromium-browser: Insufficient policy enforcement in navigation
(CVE-2020-6410)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6411)

* chromium-browser: Insufficient validation of untrusted input in Omnibox
(CVE-2020-6412)

* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)

* chromium-browser: Insufficient policy enforcement in Safe Browsing
(CVE-2020-6414)

* chromium-browser: Inappropriate implementation in JavaScript
(CVE-2020-6415)

* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)

* chromium-browser: Inappropriate implementation in installer
(CVE-2020-6417)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c
1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference
1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive
1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880
1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript
1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript
1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage
1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC
1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio
1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC
1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams
1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink
1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions
1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink
1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink
1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript
1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia
1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing
1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium
1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache
1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS
1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads
1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox
1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink
1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause
1801182 - CVE-2020-6406 chromium-browser: Use after free in audio
1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS
1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox
1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation
1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox
1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink
1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing
1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript
1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams
1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

i686:
chromium-browser-80.0.3987.87-1.el6_10.i686.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm

x86_64:
chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm
chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-18197
https://access.redhat.com/security/cve/CVE-2019-19880
https://access.redhat.com/security/cve/CVE-2019-19923
https://access.redhat.com/security/cve/CVE-2019-19925
https://access.redhat.com/security/cve/CVE-2019-19926
https://access.redhat.com/security/cve/CVE-2020-6381
https://access.redhat.com/security/cve/CVE-2020-6382
https://access.redhat.com/security/cve/CVE-2020-6385
https://access.redhat.com/security/cve/CVE-2020-6387
https://access.redhat.com/security/cve/CVE-2020-6388
https://access.redhat.com/security/cve/CVE-2020-6389
https://access.redhat.com/security/cve/CVE-2020-6390
https://access.redhat.com/security/cve/CVE-2020-6391
https://access.redhat.com/security/cve/CVE-2020-6392
https://access.redhat.com/security/cve/CVE-2020-6393
https://access.redhat.com/security/cve/CVE-2020-6394
https://access.redhat.com/security/cve/CVE-2020-6395
https://access.redhat.com/security/cve/CVE-2020-6396
https://access.redhat.com/security/cve/CVE-2020-6397
https://access.redhat.com/security/cve/CVE-2020-6398
https://access.redhat.com/security/cve/CVE-2020-6399
https://access.redhat.com/security/cve/CVE-2020-6400
https://access.redhat.com/security/cve/CVE-2020-6401
https://access.redhat.com/security/cve/CVE-2020-6402
https://access.redhat.com/security/cve/CVE-2020-6403
https://access.redhat.com/security/cve/CVE-2020-6404
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-6406
https://access.redhat.com/security/cve/CVE-2020-6408
https://access.redhat.com/security/cve/CVE-2020-6409
https://access.redhat.com/security/cve/CVE-2020-6410
https://access.redhat.com/security/cve/CVE-2020-6411
https://access.redhat.com/security/cve/CVE-2020-6412
https://access.redhat.com/security/cve/CVE-2020-6413
https://access.redhat.com/security/cve/CVE-2020-6414
https://access.redhat.com/security/cve/CVE-2020-6415
https://access.redhat.com/security/cve/CVE-2020-6416
https://access.redhat.com/security/cve/CVE-2020-6417
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z
S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7
xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH
2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6
gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi
KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd
46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3
IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u
V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG
FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP
vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT
NsxBlW4nT+g=xupY
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-0514:01 Important: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 80.0.3987.87.
Security Fix(es):
* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
* chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)
* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)
* sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880)
* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)
* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)
* sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394)
* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)
* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
* chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)
* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401)
* chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)
* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
* chromium-browser: Use after free in audio (CVE-2020-6406)
* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)
* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)
* chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)
* chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)
* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)
* chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.

References

https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-19880 https://access.redhat.com/security/cve/CVE-2019-19923 https://access.redhat.com/security/cve/CVE-2019-19925 https://access.redhat.com/security/cve/CVE-2019-19926 https://access.redhat.com/security/cve/CVE-2020-6381 https://access.redhat.com/security/cve/CVE-2020-6382 https://access.redhat.com/security/cve/CVE-2020-6385 https://access.redhat.com/security/cve/CVE-2020-6387 https://access.redhat.com/security/cve/CVE-2020-6388 https://access.redhat.com/security/cve/CVE-2020-6389 https://access.redhat.com/security/cve/CVE-2020-6390 https://access.redhat.com/security/cve/CVE-2020-6391 https://access.redhat.com/security/cve/CVE-2020-6392 https://access.redhat.com/security/cve/CVE-2020-6393 https://access.redhat.com/security/cve/CVE-2020-6394 https://access.redhat.com/security/cve/CVE-2020-6395 https://access.redhat.com/security/cve/CVE-2020-6396 https://access.redhat.com/security/cve/CVE-2020-6397 https://access.redhat.com/security/cve/CVE-2020-6398 https://access.redhat.com/security/cve/CVE-2020-6399 https://access.redhat.com/security/cve/CVE-2020-6400 https://access.redhat.com/security/cve/CVE-2020-6401 https://access.redhat.com/security/cve/CVE-2020-6402 https://access.redhat.com/security/cve/CVE-2020-6403 https://access.redhat.com/security/cve/CVE-2020-6404 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-6406 https://access.redhat.com/security/cve/CVE-2020-6408 https://access.redhat.com/security/cve/CVE-2020-6409 https://access.redhat.com/security/cve/CVE-2020-6410 https://access.redhat.com/security/cve/CVE-2020-6411 https://access.redhat.com/security/cve/CVE-2020-6412 https://access.redhat.com/security/cve/CVE-2020-6413 https://access.redhat.com/security/cve/CVE-2020-6414 https://access.redhat.com/security/cve/CVE-2020-6415 https://access.redhat.com/security/cve/CVE-2020-6416 https://access.redhat.com/security/cve/CVE-2020-6417 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:0514-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0514
Issued Date: : 2020-02-17
CVE Names: CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417

Topic

An update for chromium-browser is now available for Red Hat EnterpriseLinux 6 Supplementary.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64


Bugs Fixed

1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure

1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c

1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference

1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive

1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880

1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript

1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript

1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage

1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC

1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio

1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC

1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams

1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink

1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions

1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink

1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink

1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript

1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia

1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing

1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium

1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache

1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS

1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox

1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads

1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox

1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink

1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause

1801182 - CVE-2020-6406 chromium-browser: Use after free in audio

1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS

1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox

1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation

1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox

1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox

1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink

1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing

1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript

1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams

1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved