Jump to content
Compatible Support Forums
Sign in to follow this  
news

[RHSA-2015:1023-01] Important: chromium-browser security update

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Important: chromium-browser security update

Advisory ID: RHSA-2015:1023-01

Product: Red Hat Enterprise Linux Supplementary

Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1023.html

Issue date: 2015-05-25

CVE Names: CVE-2015-1251 CVE-2015-1252 CVE-2015-1253

CVE-2015-1254 CVE-2015-1255 CVE-2015-1256

CVE-2015-1257 CVE-2015-1258 CVE-2015-1259

CVE-2015-1260 CVE-2015-1261 CVE-2015-1262

CVE-2015-1263 CVE-2015-1264 CVE-2015-1265

=====================================================================

 

1. Summary:

 

Updated chromium-browser packages that fix multiple security issues are now

available for Red Hat Enterprise Linux 6 Supplementary.

 

Red Hat Product Security has rated this update as having Important security

impact. Common Vulnerability Scoring System (CVSS) base scores, which give

detailed severity ratings, are available for each vulnerability from the

CVE links in the References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

 

3. Description:

 

Chromium is an open-source web browser, powered by WebKit (Blink).

 

Several flaws were found in the processing of malformed web content. A web

page containing malicious content could cause Chromium to crash or,

potentially, execute arbitrary code with the privileges of the user running

Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254,

CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259,

CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264,

CVE-2015-1265)

 

All Chromium users should upgrade to these updated packages, which contain

Chromium version 43.0.2357.65, which corrects these issues. After

installing the update, Chromium must be restarted for the changes to take

effect.

 

4. Solution:

 

Before applying this update, make sure all previously released errata

relevant to your system have been applied.

 

For details on how to apply this update, refer to:

 

https://access.redhat.com/articles/11258

 

5. Bugs fixed (https://bugzilla.redhat.com/):

 

1223258 - CVE-2015-1251 chromium-browser: Use-after-free in Speech.

1223259 - CVE-2015-1252 chromium-browser: Sandbox escape in Chrome.

1223260 - CVE-2015-1253 chromium-browser: Cross-origin bypass in DOM.

1223261 - CVE-2015-1254 chromium-browser: Cross-origin bypass in Editing.

1223262 - CVE-2015-1255 chromium-browser: Use-after-free in WebAudio.

1223263 - CVE-2015-1256 chromium-browser: Use-after-free in SVG.

1223264 - CVE-2015-1257 chromium-browser: Container-overflow in SVG.

1223266 - CVE-2015-1258 chromium-browser: Negative-size parameter in Libvpx.

1223267 - CVE-2015-1259 chromium-browser: Uninitialized value in PDFium.

1223268 - CVE-2015-1260 chromium-browser: Use-after-free in WebRTC.

1223269 - CVE-2015-1261 chromium-browser: URL bar spoofing in unspecified component

1223270 - CVE-2015-1262 chromium-browser: Uninitialized value in Blink.

1223271 - CVE-2015-1263 chromium-browser: insecure download of spellcheck dictionary in unspecified component

1223272 - CVE-2015-1264 chromium-browser: Cross-site scripting in bookmarks.

1223273 - CVE-2015-1265 chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.

 

6. Package List:

 

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

 

i386:

chromium-browser-43.0.2357.65-1.el6_6.i686.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

 

x86_64:

chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

 

Red Hat Enterprise Linux Server Supplementary (v. 6):

 

i386:

chromium-browser-43.0.2357.65-1.el6_6.i686.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

 

x86_64:

chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

 

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

 

i386:

chromium-browser-43.0.2357.65-1.el6_6.i686.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.i686.rpm

 

x86_64:

chromium-browser-43.0.2357.65-1.el6_6.x86_64.rpm

chromium-browser-debuginfo-43.0.2357.65-1.el6_6.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/

 

7. References:

 

https://access.redhat.com/security/cve/CVE-2015-1251

https://access.redhat.com/security/cve/CVE-2015-1252

https://access.redhat.com/security/cve/CVE-2015-1253

https://access.redhat.com/security/cve/CVE-2015-1254

https://access.redhat.com/security/cve/CVE-2015-1255

https://access.redhat.com/security/cve/CVE-2015-1256

https://access.redhat.com/security/cve/CVE-2015-1257

https://access.redhat.com/security/cve/CVE-2015-1258

https://access.redhat.com/security/cve/CVE-2015-1259

https://access.redhat.com/security/cve/CVE-2015-1260

https://access.redhat.com/security/cve/CVE-2015-1261

https://access.redhat.com/security/cve/CVE-2015-1262

https://access.redhat.com/security/cve/CVE-2015-1263

https://access.redhat.com/security/cve/CVE-2015-1264

https://access.redhat.com/security/cve/CVE-2015-1265

https://access.redhat.com/security/updates/classification/#important

https://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://access.redhat.com/security/team/contact/

 

Copyright 2015 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

 

iD8DBQFVYqb1XlSAg2UNWIIRAvcFAJ44mRGgEbZnE0rOK58VHWFVymdbCACfbwUM

pDfvHmlSb5LnH4GRzlMxBW4=

=ikCN

-----END PGP SIGNATURE-----

 

 

--

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×